Is Secure Enough?

COVER STORY: With IT security managers being asked to justify every dollar they spend, there’s a growing need to come up with a better answer to the big question in security. Here are five steps that can help.

Storm Central

A Web-based tool combining 3-D satellite imagery and real-time weather data allows crisis managers at energy company BP to make better decisions more quickly.

COVER ILLUSTRATIONS BY HAL MAYFORTH


EDITOR’S NOTE

Don Tennant

Who’s Anticompetitive?

THE MORE I think about it, the more annoyed I get. There’s just something fundamentally wrong when a U.S. company isn’t allowed to compete in a market where the rest of the world is free to benefit from commercial engagement and entrepreneurism.

The market I’m referring to is Cuba. I really hadn’t given the issue much thought prior to my recent interview with Allison Watson, Microsoft’s corporate vice president in charge of its worldwide partner group. I asked Watson whether she was aware of any Microsoft partners that have done business with Cuba, Iran or North Korea.

“I’m not aware whether there are or aren’t,” she replied. “We do have local subsidiaries that operate in markets around the world. For example, I have a team that operates in Latin America — they would probably know if there is anything going on.”

Now, one could argue that the head of Microsoft’s global partner operations should be more up to speed on the status of gray-market activity involving the company’s products, at least with respect to its business partners. But you have to give Watson credit for her candor in acknowledging that she didn’t know.

The second part of Watson’s response is what really intrigued me, though.

“Frankly, from a Cuba perspective, Cuba’s not a bad word to anyone outside of the United States,” she said.

She’s right, of course. The U.S. pretty much stands alone in its refusal to engage Cuba and enable the citizens of both countries to benefit from investment there. And that refusal hurts no one more than U.S. companies, including Microsoft.

No doubt, Microsoft products have been widely used in Cuba for years. And, no doubt, the great majority of those products are pirated. Microsoft has been able to effectively address the piracy problem in countries like China, where our government allows it to operate despite our political differences. As a result, software piracy in China is less outrageous than it has been in the past, and Microsoft has reaped the financial benefits of that.

But when you’re not allowed to commercially engage a country, you lose.

At a technology conference in February last year, the Cuban government declared its intention to rid itself of Microsoft software in favor of open-source alternatives. According to an Associated Press report, Communications Minister Ramiro Valdes, who opened the conference, suggested that Microsoft was cooperating with U.S. military and intelligence authorities, and he proclaimed that IT is a battlefield on which Cuba is fighting imperialism.

That event was reminiscent of a March 2006 technology fair held by Venezuela’s science and technology ministry to promote the use of open-source software instead of Microsoft products. Anti-American rhetoric is at least as harsh in Venezuela as it is in Cuba, and it has been since 2004, when Venezuelan President Hugo Chavez decreed that all public institutions there must adopt open-source strategies. The difference is that Microsoft has a subsidiary in Caracas. In Cuba, it’s not even allowed to compete.

I posted an earlier version of this column in my blog, and it drew an insightful comment from a reader who noted that the world has changed.

“When we left Vietnam, we thought it was lost forever. Now it is an ally. Later, Libya was a threat, and with the same leader as back then, they are now considered our ally,” the reader wrote. “Yet after four and a half decades, our obstinacy has prevented us from [engaging] one of our closest neighbors and has prevented our companies from benefiting from the changes that have occurred there. We are truly the last bastion that has failed to recognize that the ghost of Khrushchev is gone.”

He’s right. And that’s not all. There’s a certain irony in the U.S. government thwarting competition at the expense of companies such as Microsoft. Looking at it that way makes the position that the government has famously taken against Microsoft seem awfully hypocritical.

Don Tennant is editorial director of Computerworld and InfoWorld. Contact him at don_tennant@computerworld.com, and visit his blog at http://blogs.computerworld.com/tennant.
LETTERS

Middle Managers Hate To Deliver Bad News

I found Don Tennant’s July 14 Editor’s Note, “Insight and Denial,” interesting and accurate, but I’d like to make an observation.

I used to work at a telephone company. It seemed to me that the workers were more than happy to ensure that problems, delays and other challenges were relayed up the line. Middle managers were another matter.

At one meeting, I and another subject-matter expert expressed grave concern about a key component that was missing from the overall architecture and design on a development technology the company was exploring. In fact, without that key component, the entire business model around the initiative was unachievable.

The initiative was a pet project of the director and one of his key colleagues. So, at the meeting, our boss told us that there was no way he was going to deliver bad news to those two. And he didn’t! Needless to say, the project never succeeded, a tremendous amount of money was wasted, and the stated desired deliverables never materialized.

I’d like to think the troops want to be honest, but the people in the middle often act as the filters that change red warnings to a more rosy hue.

John R. Dueckman, Langley, British Columbia

The Importance Of Camaraderie

I loved Don Tennant’s Editor’s Note “Taming the Beast” [June 30]. I couldn’t agree more. For over five years, I have worked in a small rural health system, in total isolation as the only IT person on staff.

I left a larger system with a mature IT department to come here, and as I reflect on that experience, it is the camaraderie that I miss the most.

If I am able to grow my present IT department to that size someday, I will make it my highest priority to promote the type of environment that has been developed by the companies that Tennant mentioned.

Andy Caldwell, IS director, George Regional Health System, Lucedale, Miss., andy@georgeregional.com
When Security Staffers Fail Up

Think your security staffers are trustworthy? Competent? Knowledgeable? Ask a security professional for horror stories, and you might think twice. Here are some suggestions on coping with the painfully underqualified or chronically overwhelmed.

Transforming the Data Center From Hell

Extreme heat, a dangerous server layout, nonexistent service and other major problems were ultimately resolved by these three IT managers focused on change.

Are You a Twit? Us, Too!

Wonder what we’re working on for next week’s print edition? Need breaking news as it happens? Follow Computerworld on Twitter to stay informed.

Build a Two-Screen Workstation for $230 or Less

If you want to expand the visual capabilities of your laptop - and boost your productivity - you can add two monitors without spending a lot of time or money.

STORAGE

Brocade Takes Aim at Cisco with $3B Foundry Deal

STORAGE networking company Brocade Communications Systems Inc. last week agreed to acquire Foundry Networks Inc., a maker of enterprise LAN technology, for about $3 billion in cash and stock.

The deal, expected to close in the fourth quarter, would combine a specialist in enterprise Ethernet LANs and a maker of Fibre Channel storage-area network switches for data centers, two technologies that are headed toward a merger themselves.

Brocade has been a backer of the proposed Fibre Channel over Ethernet (FCoE) standard. The addition of Ethernet technology from Santa Clara, Calif.-based Foundry would make it a stronger alternative to market leader Cisco Systems Inc., the other major backer of FCoE technology, according to analysts.

For example, Zeus Kerravala, an analyst at Yankee Group Research Inc., said that Brocade’s purchase of Foundry gives it the Ethernet technology it needs to become the second-most-powerful vendor of FCoE technology.

So far, he said, Cisco has been the only company with both the vision and technology to create a FCoE unified fabric. Brocade, on the other hand, has had the FCoE vision but not the Ethernet goods, Kerravala said.

“If the concept of unified [Fibre Channel and Ethernet] fabric really does come true,” he added, “there are really only two vendors [now].”

Greg Schulz, an analyst at StorageIO Group in Stillwater, Minn., agreed, noting that the combined company would be the only alternative to Cisco for networking tools that reach from the Internet to the data center.

The combined company will be led by Brocade CEO Michael Klayko and use only the Brocade brand, executives said on a conference call with reporters following the announcement.

The companies haven’t yet defined a role for Bobby Johnson, founder, president and CEO of Foundry, but the 30-year networking veteran said he will stay on board.

“I’m committed to making this happen, and I’m committed to helping Mike and both teams,” Johnson said.

Executives said that the deal is not expected to result in layoffs of personnel from either company.

“Our business models and technologies are extremely synergistic,” said Marty Lans, senior director of product management for data center infrastructure at San Jose-based Brocade.

Twelve-year-old Foundry has about 1,100 employees.

— Stephen Lawson, IDG News Service

THE WEEK AHEAD

MONDAY: Microsoft researchers and those from academic institutions and government agencies gather for an annual meeting in Redmond, Wash., on technology R&D issues.

MONDAY: The Usenix Security ’08 symposium opens in San Jose with a two-day IT security training program, followed by a three-day technical conference.

FRIDAY: Sun Microsystems is scheduled to report the results for its fiscal fourth quarter.


last week dropped the price of seven processors by up to 31%.

Intel said it was lowering the price of the 3.16-GHz Core 2 Duo E8500 by 31% to $183. Intel cut the prices of the Core 2 Duo 2.53-GHz E2700 chip and the 3-GHz E8400 model by 15% and 11%, to $113 and $163, respectively. The price tag for the company’s Core 2 Q6600 2.4-GHz quad processor was reduced from $224 to $193, or 14%. In addition, the prices of three Xeon server chips were cut by 11% to 12%, Intel said.

The latest reductions come just three months after the vendor slashed the prices on about a dozen other processors by up to 50%.

Dan Olds, an analyst at Gabriel Consulting Group Inc., said Intel is likely cutting prices to reduce inventory.

“Intel wants to keep [these chips] moving out the door right up until they’re discontinued,” he added. “The new stuff is faster and better, so you have to cut prices on the old stuff to keep it moving.”

- SHARON GAUDIN
SAP Opts to Shutter TomorrowNow

SAP AG last week announced plans to close its TomorrowNow Inc. subsidiary later this year, after failing to find a buyer for the support operation.

TomorrowNow has been entangled in legal troubles since March 2007, when Oracle Corp. filed a lawsuit contending that the SAP unit had illegally downloaded support data from Oracle’s Web site. Four months later, SAP admitted to making “inappropriate downloads” of content from Oracle databases, but the lawsuit was not dropped.

An SAP spokesman declined to say whether the lawsuit had prompted the company to shut down the unit, but he acknowledged that the legal issues were complicating efforts to find a buyer for it. SAP had disclosed last November that it was looking to sell TomorrowNow. The announcement coincided with the resignation of TomorrowNow’s top executives.

“It would have been an extremely complex transaction for the seller and buyer because of [the lawsuit]. Therefore, we decided to close down operations,” the spokesman said.

Attorneys representing Oracle in the lawsuit against SAP estimated last month that damages in the case could surpass $1 billion. A trial is scheduled to begin in February 2010.

SAP said it plans to help TomorrowNow’s 225 customers find new support vendors before it formally closes the subsidiary on Oct. 31. The spokesman said SAP will recommend multiple options, “including choosing Oracle support.”

TomorrowNow provides maintenance and support for Oracle’s applications, including PeopleSoft, Siebel and J.D. Edwards products. SAP acquired the firm in 2005.

Ray Wang, an analyst at Forrester Research Inc., said that while the Oracle lawsuit was likely a key reason for closing TomorrowNow, SAP also may have underestimated the “uncharted territory” of running a third-party support operation. “I think they thought the environment around TomorrowNow would be different,” he said. “[It was] a lesson learned in terms of acquisition and business model.”

Despite the problems, SAP could have made a success of TomorrowNow, given the demand for third-party support, Wang added.

— Brian Fonseca, with Peter Sayer of the IDG News Service

TIMELINE

MARCH 22, 2007: Oracle sues SAP and its subsidiary, TomorrowNow, for downloading support materials from its Web site.

JULY 2, 2007: SAP admits that TomorrowNow personnel made “inappropriate downloads” from the Oracle site.

NOV. 19, 2007: CEO Andrew Nelson and several other TomorrowNow senior managers abruptly resign from the firm.

JULY 21, 2008: SAP announces it will shut down TomorrowNow by Oct. 31.


Short Takes

A federal judge in Seattle sentenced Robert Soloway, known as the “spam king,” to 47 months in prison for sending massive volumes of junk e-mail. Prosecutors say Soloway earned more than $700,000 in three years from the spamming activities.

Ovidiu-Ionut Nicola-Roman, 22, of Romania, pleaded guilty to a federal fraud charge for setting up fake Web sites to steal credit card data. He faces up to five years in prison and a $250,000 fine.

Microsoft Corp. has agreed to buy privately held Datallegro Inc., a maker of data warehouse appliances, for an undisclosed sum.


EDITOR’S NOTE

Computerworld last week won 15 editorial awards, including 2008 Web Site of the Year, from the American Society of Business Publication Editors. Computerworld also won gold awards for Web features, government coverage, opinion columns, infographics and cover at the ASBPE’s editorial confab in Kansas City, Mo.


BUSINESS INTELLIGENCE

TSA Leans on BI to Save $100M Over Two Years

THE FEDERAL Transportation Security Administration (TSA) last week said it estimates that its use of business intelligence software to manage its workers will have saved it about $100 million over a two-year period ending this fall.

The agency’s Performance Information Management System (PIMS), which is based on BI reporting and analytics tools from MicroStrategy Inc., allowed the TSA to streamline operations and significantly cut worker overtime costs between October 2008 and October 2008, a spokesman said.

The TSA installed the system in November 2004. PIMS collects, analyzes and reports passenger and baggage-screening data and provides operational performance metrics to managers. PIMS also analyzes payroll data and TSA staff utilization.

The agency said it uses the system to run 1 million reports annually for 12,000 internal users.

“The TSA is a metrics-based organization,” the spokesman noted.

Wayne Eckerson, director of research and services at The Data Warehousing Institute, said the focus on metrics allows the TSA to avoid getting “hamstrung” because it doesn’t rely on intuition to make decisions or have information stored in disparate spreadsheets, data marts and reports.

- HEATHER HAVENSTEIN

[Photo caption: The TSA has significantly cut worker overtime costs using BI.]
GOVERNMENT IT

Pentagon Looks to UPS, FedEx, Others for IT Advice

The U.S. Defense Information Systems Agency (DISA) is turning to a wide range of companies to find new ways to support the Department of Defense and the branches of the U.S. armed services.

Agency officials have met with a variety of major companies — including Google, UPS, Amazon, Sabre and FedEx — over the past year to talk about how the companies use technology, said DISA CIO John Garing, a retired Air Force colonel.

So far, the meetings have convinced DISA, which provides contracted IT services and support to the U.S. military, that so-called cloud computing is “going to be the way [to go] — it has to be. We have to get to this standard environment that is provisionable and scalable,” Garing said.

In fact, he said that DISA plans to soon deploy a system that’s similar architecturally to Amazon.com Inc.’s Elastic Compute Cloud technology, a Web-based service that lets users quickly scale up their processing capabilities.

DISA’s system, called the Rapid Access Computing Environment, or RACE, is slated for launch in October, the start of the federal government’s fiscal year.

Garing said he was also impressed with Google Inc.’s process of moving strong new product ideas from the laboratory to beta testing to real users in just a few months.

DISA officials took a close look at systems created by Amazon and Sabre Holdings Corp.’s Travelocity.com unit that help IT prepare for the unexpected, he added.

Ray Bjorklund, an analyst at consulting firm Federal Sources Inc. in McLean, Va., noted that the agency often has to compete with private-sector IT services firms for the military business. DISA’s moves to enlist help from such technologically advanced companies will help it gain business in the long run, he said.

“DISA is very conscientious of its position as a service provider,” Bjorklund added.

— Patrick Thibodeau


Global Dispatches

Radar Hit by Faulty Network Card

DUBLIN - A faulty network card earlier this month caused a failure in the radar system at Dublin Airport that continues to cause some flight delays.

The Irish Aviation Authority said in a statement that Thales, the France-based supplier of the airport’s air traffic management system, confirmed that the radar failure was caused by “an intermittent malfunctioning network card which consequently overcame the built-in system redundancy.”

Thales officials were unavailable for comment.

Airport officials warned that flight delays could continue for several weeks as engineers install and test better system-monitoring tools.

Leo King, Computerworld U.K.

E-health Research Gets $20M Boost

BRISBANE, Australia - The Australian e-Health Research Centre last week was awarded $20 million Australian ($19.1 million U.S.) from the federal and Queensland governments to fund operations through 2012.

The five-year-old operation, based at the University of Queensland’s Centre for Clinical Research at the Royal Brisbane and Women’s Hospital, is a joint venture of the Commonwealth Scientific and Industrial Research Organization and the Queensland government.

Researchers at the center are developing tools including training simulations, home monitoring systems for patients recovering from heart problems, and improved imaging techniques to facilitate early diagnosis of Alzheimer’s disease.

Rodney Gedda, Computerworld Australia

BRIEFLY NOTED

The Kent County Council in Maidstone, England, has awarded a £32 million ($64 million U.S.) contract to Unisys Corp. to create and manage a WAN to connect more than 1,000 sites. The Kent Public Service Network will connect schools, council offices, libraries and other public facilities, providing users with greater bandwidth.

Computerworld U.K. staff

BETWEEN THE LINES By John Klossner

Kevin Johnson resigned as president of Microsoft Corp.’s platforms and services division to join Juniper Networks Inc. as CEO.

Yahoo Inc. has reached an agreement to end a proxy fight with investor Carl Icahn, who will withdraw his nominees for board seats and take a seat on the board after the annual stockholders’ meeting Aug. 1.

A glitch in the computer system connecting the Worldspan global distribution system and Northwest Airlines’ airport computer systems delayed more than 200 flights.
Hybrid Systems On Course to Speed Corporate Apps

Firms in some industries could use petaflop performance to perform complex calculations.

By Sharon Gaudin


WHEN YOU’RE dealing with nuclear weapons, figuring out problems and figuring them out fast is Job One.

For scientists at Los Alamos National Laboratory, that means having the most computing power possible.

For about a year, the federal security research facility in Los Alamos, N.M., has used an IBM-built supercomputer, dubbed Roadrunner, whose peak performance is about 70 teraflops.

Today, that’s not enough. So Los Alamos is getting ready to fire up a new incarnation of IBM’s Roadrunner, a hybrid machine that will provide the scientists with a lot more power — 1.026 quadrillion calculations per second — once it’s installed this fall.

The $200 million hybrid system still runs the AMD Opteron chips of the original Roadrunner but adds Cell chips that were first designed for the PlayStation 3 gaming console. In tests conducted this spring, the new supercomputer became the first machine to break the petaflop barrier.

Much of the performance boost came from the Cell chip, developed jointly by IBM, Toshiba Corp. and Sony Computer Entertainment Inc., to handle high-performance computations for video games. That also makes it well suited to handle other complex calculations, and “bitwise” operations like generating random numbers.

The well-publicized tests have attracted the attention of IT managers in a variety of industries who increasingly need significant performance boosts without the corresponding rise in energy demands.

The companies that are generally out in front of new technologies — financial services firms, pharmaceutical manufacturers and petroleum giants — are expected to be the first to take on hybrid computing commercially.

Definition

HYBRID COMPUTER: A computer running more than one type of processor. IBM’s Roadrunner hybrid, for instance, runs a combination of AMD Opterons and IBM Cell chips, which accelerate the processing of complex calculations.

Caption: Repsol YPF is using hybrid computing technology to map oil reserves in the Gulf of Mexico.

The hardware is very costly, and significant work is often required to adapt software to the technology, leaving early adoption to large firms with big budgets to take on projects that push the envelope.

At this point, a major retailer probably wouldn’t want to use a large hybrid system to run a network backbone. But for, say, a Wall Street company that needs to gauge risk and price derivatives, a hybrid-enhanced performance boost may be just what the CIO ordered.

Steve Conway, an analyst at research firm IDC, noted that some companies have turned to multicore processors for added performance but have found that applications and calculations are running more slowly than they did using single-core chips.

“[Performance issues] are causing a real shift in the capability to get the work done,” he said. “It’s no secret that microprocessor speeds stalled out a few years ago. [Computer makers] need to do something, [so] they’re adding accelerators.”

Dan Olds, an analyst at Gabriel Consulting Group Inc. in Beaverton, Ore., predicted that 40% of Fortune 1,000 companies will be using large hybrid computers within five years.

Repsol YPF SA is now working with IBM to build a supercomputer that will help it more clearly image oil reserves buried 30,000 feet beneath the surface of the Gulf of Mexico, said Francisco Ortigosa, director of geophysics at the Madrid-based oil and gas company.

Caption: The Roadrunner hybrid was developed by IBM in Poughkeepsie, N.Y.

The hybrid system will run a combination of IBM’s PowerPC processor and PowerXCell 8i chip, a souped-up version of the Cell processor, Ortigosa said. Slated to be up and running early this fall, the system is expected to have a peak performance of 120 teraflops, which likely would make it one of the top 10 most powerful supercomputers in the world.

“The benefit for the business is significant,” Ortigosa said. “The oil business is a business of managing risks. It is very difficult to see the Earth’s interior. The clearer the picture, the more accurate the risks can be estimated and the costs reduced.”

Analysts note that hybrid computing has slowly started to move beyond the supercomputer level to the server level and even to clients, making the technology more attractive to corporate users.

Companies such as Nvidia Corp. and Advanced Micro Devices Inc. are starting to sell graphics processing units, or GPUs, as low-cost accelerators to be combined with general-purpose chips for commercial applications. That effort is “in its infancy,” but sales for that purpose will likely pick up in the coming months, Olds said.

On the client side, Toshiba just this month started shipping its first hybrid laptops — the Qosmio G55 line — which run a Cell chip and an Intel Core 2 Duo processor and list for under $2,000. Toshiba has dubbed its version of the Cell chip the Toshiba Quad Core HD processor.

“We’ve had hybrid computing for some time,” noted Jack Dongarra, a professor at the University of Tennessee and a co-creator of the biannual Top500 list of supercomputers. “But there will be a shift [in its use]. The next wave is coming. They’re being exposed to more people. The graphics boards are cheap and provide a significant number-crunching advantage.

“Whenever you have those two things going for you, it moves interest,” he added.

And chip makers are starting to develop new hybrid technologies to take advantage of IT interest.

Intel Corp., for instance, has gotten as far as developing prototypes of hybrid chips — with two different kinds of processors on one chip.

PROCESSORS: 6,948 dual-core Opterons on IBM LS21 blades, and 12,960 Cell processors on IBM QS22 blades

SOFTWARE: Linux

MEMORY: 80TB

RACKS: 296 IBM BladeCenter H racks

ENERGY CONSUMPTION: 3.9 megawatts of power (enough to power 39,000 100-watt light bulbs)

SIZE: It takes up 6,000 square feet, uses 57 miles of fiber-optic cable and weighs 500,000 lb.

Jerry Bautista, director of technology management in Intel’s microprocessor research lab, said engineers there are working on putting a CPU and an accelerator in the form of, say, an encryption or decryption engine on the same chip.

He added that the market will decide how quickly Intel pushes ahead with the complex project.

AMD, too, is building a single chip containing both a processor and an accelerator. Patricia Harrell, director of stream computing at AMD, noted that its engineers could come up with Opteron and graphics processors on the same chip, or multicores and an accelerator on a single chip.

“We will be talking about mainstream developers taking advantage of a baseline capability in desktop and consumer systems” in five to 10 years, Harrell said. “It will be pervasive.”

She said that AMD will likely ship the first such product in late 2009.

Jim McGregor, an analyst at Scottsdale, Ariz.-based In-Stat, warned that despite the benefits of the technology for some commercial applications, such implementations could be rocky early on.

“It can be an IT nightmare,” he said. “This isn’t [yet] something for the general enterprise. This is for highly specialized applications, no matter how you look at it. You’ve got to be willing to pay.”

One big engineering challenge, said John Morrison, high-performance computing division leader at Los Alamos, is tweaking the software so it can run on hybrid machines.

To take advantage of an accelerator, programmers have to rewrite existing applications so they send appropriate data to the accelerator. The developers must also add code to the accelerator that tells it what to do with the data.

Vendors such as Nvidia, AMD and IBM are selling specialized tools designed to help make this reprogramming challenge a bit easier, but it’s still a daunting task.

“It takes some innovation and understanding of what the algorithms are and how the data flow is going,” said Morrison, who noted that of everyone on his IT team, the programmers are doing the heaviest lifting in the effort to bring the hybrid Roadrunner online.

“You have to restructure your code to do this. Each application has its own strategy for what work will be handed off to the [accelerator]. A portion of each application has to be rewritten,” Morrison explained. “It’s more of a challenge for our programmers than [for] our IT people.”
City Missed Steps to Avoid Network Lockout

IT can set rules to prevent disgruntled employees from causing havoc, execs say.

By Jaikumar Vijayan


The high-profile sabotage this month of the city of San Francisco’s fiber backbone network clearly shows both the extent of damage a disgruntled employee can cause and the need for controls to mitigate the risk of such actions.

City officials lost administrative control of the network’s routers and switches for more than a week after an IT worker allegedly reset passwords and refused to reveal them prior to and after his arrest on July 13.

Terry Childs, a network administrator in the city’s Department of Telecommunications and Information Services (DTIS), was charged with locking up the network and with planting network devices that enabled illegal remote access to the network. The FiberWAN system carries almost 60% of the city government’s traffic.

He revealed the passwords to Mayor Gavin Newsom last Monday, but the administrators remained locked out of the city’s VoIP system and some departmental LANs late last week.

Users and analysts interviewed last week said that the city could have avoided the recent turmoil by implementing stronger configuration management techniques along with processes that could quickly detect when someone was attempting to bypass network controls.

“I am completely floored that it [would take] so long to restore access to the equipment,” said Jim Kirby, senior network engineer at Dataware Services, a Sioux Falls, S.D.-based IT services provider. “Unless they have some crazy uptime requirement that prevents them from rebooting gear, it’s hard to understand.”

Kirby suggested that anytime it takes more than 48 hours to restore access to a locked-down network, that indicates that “basic network administration standards” are not in place.

Johannes Ullrich, chief technology officer at the Bethesda, Md.-based SANS Institute’s Internet Storm Center, noted that even though insider threats are difficult to control, strong network configuration management processes and a policy of separating duties can help.

In this case, the city’s inability to regain access to the network for at least 10 days suggests that San Francisco has no backup copies of its network configuration blueprint.

Strong configuration management processes ensure that “an alert is sent whenever a configuration is changed,” Ullrich said.

The San Francisco incident should also convince IT that two or three administrators must understand the full network configuration and jointly control the passwords, said John Pescatore, an analyst at Gartner Inc.

He suggested that, at a minimum, password information should be documented and stored for easy access by an organization’s privileged administrators.

Lou Michael, director of network and infrastructure services in Virginia’s Arlington County department of technology services, said his organization has a long-standing practice of keeping passwords with multiple administrators.

Meanwhile, Ron Vinson, deputy director of San Francisco’s DTIS operation, said last week that the agency has started preparing a systemwide analysis to determine the extent of Childs’ activities.

Vinson acknowledged that by late last week, municipal IT managers had still not determined exactly how many devices were illegally installed on the WAN to enable remote access.

Arshad Noor, CEO of StrongAuth Inc., a Cupertino, Calif.-based supplier of compliance and identity management products, said the San Francisco incident points to a failure by the city’s IT managers.

“All in all, IT management is responsible for this mess, because it was their mandate to avoid this situation,” Noor said. “While Terry Childs might pay for this situation through jail time or fines, management cannot be absolved of their responsibility.”

Childs, 43, continues to be held in a city jail on $5 million bail after his request to reduce the bond was rejected last Wednesday.

Childs has pleaded not guilty to multiple charges in connection with the case. A pretrial hearing has been set for Sept. 24.

Robert McMillan of the IDG News Service contributed to this story.
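
The controls the analysts in this story call for (a stored known-good copy of each device configuration, an alert whenever a configuration changes, and sign-off by a second administrator) can be combined in one drift check. The following is an added example, not code from the article or from the city's systems; the device name, configuration lines, administrator names, the `ChangeRecord` fields and the `SENSITIVE` pattern list are constructed assumptions.

```python
"""Configuration-drift check for network devices (constructed sample data).

Compares a device's running config with the stored known-good baseline,
raises an alert on any change, and escalates credential or remote-access
changes that were not signed off by a second administrator.
"""
import difflib
import hashlib
import re
from dataclasses import dataclass, field

# Lines that decide who can log in to or reach the device. Assumed pattern
# list for IOS-style syntax; extend it for the platforms actually deployed.
SENSITIVE = re.compile(
    r"^\s*(enable (secret|password)|username |password |line (vty|con|aux)"
    r"|snmp-server community|aaa |tacacs|radius|ip ssh|transport input)",
    re.IGNORECASE,
)


@dataclass
class ChangeRecord:
    """A logged change: who made it, who reviewed it, and the resulting config."""
    device: str
    author: str
    approver: str
    config_sha256: str


@dataclass
class Alert:
    device: str
    severity: str  # "info", "warning" or "critical"
    reason: str
    changed_lines: list = field(default_factory=list)


def canon_lines(config):
    """Drop trailing whitespace and outer blank lines so cosmetic noise is ignored."""
    return [line.rstrip() for line in config.strip().splitlines()]


def digest(config):
    return hashlib.sha256("\n".join(canon_lines(config)).encode()).hexdigest()


def diff_lines(baseline, running):
    """Return removed ('- ...') and added ('+ ...') lines, skipping diff hints."""
    delta = difflib.ndiff(canon_lines(baseline), canon_lines(running))
    return [d for d in delta if d[:2] in ("- ", "+ ")]


def check_device(device, baseline, running, records=()):
    """Return None when running matches baseline, otherwise an Alert."""
    if digest(baseline) == digest(running):
        return None
    lines = diff_lines(baseline, running)
    sensitive = [d for d in lines if SENSITIVE.match(d[2:])]
    # Separation of duties: a change is approved only if a record matches this
    # exact config and the approver is someone other than the author.
    approved = any(
        r.device == device
        and r.config_sha256 == digest(running)
        and r.author != r.approver
        for r in records
    )
    if approved:
        return Alert(device, "info", "approved change, refresh the baseline", lines)
    if sensitive:
        return Alert(device, "critical",
                     "unapproved credential or remote-access change", sensitive)
    return Alert(device, "warning", "unapproved configuration change", lines)


# Constructed sample configs (hostnames, users and hashes are placeholders).
BASELINE = """\
hostname core-sw1
enable secret 5 $1$CONSTRUCTED$baseline
username netops privilege 15 secret 5 $1$CONSTRUCTED$netops
interface Vlan10
 description city-hall-uplink
line vty 0 4
 transport input ssh
"""
RUNNING_RELABEL = BASELINE.replace("city-hall-uplink", "city-hall-uplink-b")
RUNNING_LOCKOUT = (
    BASELINE.replace("$baseline", "$changed")
    .replace("username netops", "username solo")
    .replace("$netops", "$solo")
)

if __name__ == "__main__":
    for name, cfg in [("relabel", RUNNING_RELABEL), ("lockout", RUNNING_LOCKOUT)]:
        alert = check_device("core-sw1", BASELINE, cfg)
        print(name, alert.severity, alert.reason)
        for line in alert.changed_lines:
            print("   ", line)
```

A record whose author and approver are the same person does not clear an alert, so a single administrator cannot approve a change to the credentials that only he or she holds.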
The Project’s the Assembly Line

IN AN information-driven service economy, projects are the foundations of business. So says Douglas Clark, CEO of Metier Ltd. in Arlington, Va. He argues that in an era when business success depends on bringing ideas to market quickly, project management is akin to building and managing a manufacturing plant in days gone by.

“The project is the new assembly line,” he says.

Yet most projects, especially in IT, fail to meet expectations. The reasons are manifold, but Clark points to a market dominated by Microsoft Project, software that’s fine for scheduling but little more. He says a schedule doesn’t reveal the process, with all its interrelations and logic. For that, you need a full-blown project portfolio management application.

Not surprisingly, Clark claims that Metier’s Web-based WorkLenz subscription service is as complete a PPM offering as you can buy, er, rent. He says WorkLenz, now in its 5.6 iteration, uses Project Management Institute best practices in areas like budget calculation and risk assessment.

He likens its algorithms to “assistants” for project managers. For example, you can use the product’s duration estimator to forecast how long a project will take based on the complex mix of resources available.

Next year, Metier intends to release an algorithm tentatively called Builder that will create entire projects based on past project data. And it’s developing 3-D visualization features for reporting on project status.

Pricing starts at $10 per user.

Caption: Projects are more than well-run schedules, Clark argues.

Many Myopic Eyes

Open-source proponents claim that the Law of Many Eyes leads to higher-quality, more secure code: Because anyone can view the source code, find problems and report back to the community, you get better software.

But Fortify Software Inc. in San Mateo, Calif., has analyzed 11 popular open-source software products, and the news is not good. According to Jacob West, manager of Fortify’s security research group, all 11 have significant vulnerabilities.

What’s more, says West, in looking at different releases, Fortify found that old security problems often didn’t get fixed and, worse, that new vulnerabilities were introduced.

And in an utter embarrassment for open-source advocates, the report reveals that basic security flaws that would easily be detected by automated testing tools are scattered throughout the code. In sum, the Law of Many Eyes is bogus.

West is not arguing that commercial software is any more secure than open-source products. But he warns that commercial software developers are doing more to develop good development processes and that without augmenting the Law of Many Eyes, the open-source process is unlikely to deliver secure code.

Destroy HDDs Quickly

OK, you’ve just finished rolling out new PCs. What are you going to do with all those old hard disk drives loaded with sensitive information?

Most companies use software to overlay random bits repeatedly. Others prefer the physical approach and drill holes through the platters.

David Luong, product manager at Fujitsu Computer Products of America Inc., considers both methods too slow for an IT operation staring at thousands of drives. His solution? Magnets.

Two big, honkin’ magnets, to be precise, installed in Fujitsu’s Mag Erasure P3M. According to Luong, you place a drive in the 300-pound unit, turn the hand crank for 15 seconds, and voila — all of the data and the read/write head are destroyed, meeting National Security Agency standards.

Pricing starts at $40,000.

Caption: Fujitsu’s Mag Erasure P3M destroys data fast.

MORE BUZZ: Discover and discuss more industry action at the On the Mark blog: blogs.computerworld.com/hall


THE GRILL

Ira Winkler

The security maven talks about how information security differs from computer security, why ‘awareness’ isn’t enough, and when grandma’s computer has to be shut down.

Name: Ira Winkler

Title: Founder and president

Organization: Internet Security Advisors Group

Location: Annapolis, Md.

Favorite technology: Airplanes

In high school, he was: “Voted Mr. Physical Education. I was actually up for Class Clown, but I was the only person nominated who was on two sports teams and so they moved me over for that.”

Role model: Maxwell Smart

Favorite vice: Judge Judy

Pet peeve: “Man (or should I say idiot) on the street interviews on newscasts.”

Ask him to do anything but . . . “I just might not do it.”


Ira Winkler began his career at the National Security Agency, where he combined computer systems analysis and intelligence analysis. He is founder and president of Internet Security Advisors Group. When Hewlett-Packard Co. acquired ISAG in 2001, Winkler served as chief security strategist for HP Consulting. He is the author of several books, including Spies Among Us and Zen and the Art of Information Security.

What’s the most important information security lesson you learned while at the National Security Agency?

It’s all about protecting information, not computers. Information can be in any form. It can be conned out of someone or retrieved from the trash. The CIO has to remember that the title is “chief information officer,” not “chief computer officer.” So they have to work with the physical security people, for example, to make sure that the guards are going through the building not just looking for fires.

Look at ChoicePoint [which in 2005 revealed that it was tricked into disclosing private information on 163,000 consumers]. A computer didn’t get hacked, but does it matter? They had to pay big fines [$15 million], and they should have, because they didn’t look at information security as information security, they looked at it as computer security.

So the CIO has to promote information security of all types?

Awareness programs can be good, but awareness without enforcement is completely useless. What’s the penalty for browsing pornography? You get fired. You need something like that for other kinds of security violations — for example, leaving your password taped to your monitor. There should be spot-checking — someone walking through periodically looking for passwords. First, line managers should be responsible for reviewing the workplace, and security staffs should do monthly walk-throughs.

The federal government is increasingly in the information security awareness business.

Yes, the Department of Homeland Security is relying on awareness efforts. [DHS head] Michael Chertoff says [to security professionals], “Hey guys, work with us, because it’s the right thing to do.”

Government has been asking people to voluntarily cooperate and has gotten no results whatsoever. The Internet service providers and backbone providers are still poorly maintaining the critical infrastructure. We keep saying “pretty please,” but they have no incentive to help. So Congress should pass enforcement laws, and DHS should be mandating things.

What  kinds  of  things  might  be  mandated? 

Bad  guys  attack  systems  remotely  over 
the  Internet.  When  you  see  grandma 
sending  50,000  e-mail  messages,  you 
know  that’s  bad  traffic.  Why  don’t  ISPs 
stop  obviously  bad  traffic?  Get  grand¬ 
ma  off  until  she  fixes  her  computer. 

Similarly,  ISPs  could  scan  users,  and 
if  they  are  not  using  the  latest  [anti¬ 
virus  and  operating  system]  updates, 
get  them  off  the  Internet.  “Awareness” 
means  no  one  is  held  responsible. 

Is  that  fair?  Grandma  is  no  bad  guy.  If 

you  leave  your  home  PC  vulnerable 
these  days,  you  are  not  necessarily 
harming  yourself,  but  you  are  enabling 
fraud  because  somebody  is  going  to 
take  over  your  computer  and  use  it  to 
attack  others  or  aid  in  piracy  of  music 
and  movies  and  things  like  that. 

But  don’t  some  people  object  to  ISP  filter¬ 
ing  on  censorship/privacy/free-market 
principles?  Arguments  that  say  service 
providers  have  no  right  to  stop  some¬ 
one  from  sending  20  million  ping  mes¬ 
sages  are  absurd.  I  am  all  for  freedom 
of  whatever  until  it  starts  impinging  on 
the  freedom  of  others  as  well  as  creat¬ 
ing  a  financial  drain  on  others. 


The  mandates  I  propose  are  look¬ 
ing  to  stop  the  exploitation  of  other 
people’s  systems,  which  in  turn  cause 
damages  to  millions  of  others.  The 
monitoring  is  targeting  what  is  gener¬ 
ally  considered  criminal  activity  and  is 
done  without  human  intervention. 

At  the  corporate  level,  is  a  combination 
of  awareness  and  enforcement  working 
pretty  well?  Some  big  companies,  like 
Citibank  and  JPMorgan  Chase,  are 
doing  reasonably  well.  But  companies 
like  T.J.  Maxx  [which  last  year  report¬ 
ed  that  millions  of  credit  card  numbers 
had  been  stolen  from  its  systems]  are 
not  doing  so  well. 

For  example,  many  merchants  are 
asking  for  exemptions  and  extensions 
for  compliance  with  the  [Payment 
Card  Industry  Data  Security  Stan¬ 
dard].  They  want  to  hold  off  with  PCI 
compliance  so  that  they  don’t  have 
to  spend  the  money.  They  say  it’s  too 
difficult,  but  the  reality  is  that  they 
don’t  want  to  put  the  required  resourc¬ 
es  to  it.  T.J.  Maxx  had  an  extension. 

But  security  is  like  the  80/20  rule, 
only  it’s  99/1.  You  can  solve  99%  of 
your  problems  with  1%  of  the  effort.  If 
you  take  care  of  the  basics  —  enable 
Windows  Update  Services,  buy  anti¬ 
virus  software,  get  host-based  intru¬ 
sion  detection  and  so  on  —  you  make 
it  significantly  harder  for  the  bad  guys 
to  attack  you.  They  go  for  the  low- 
hanging  fruit,  and  they  keep  moving 
on  to  more  vulnerable  targets. 

In  your  talk  at  the  RSA  security  confer¬ 
ence  in  April,  you  explained  how  very 
basic  security  lapses  made  it  easy  for  you 
to  break  into  a  power  company’s  control 
systems.  Yes,  we  were  able  to  access 
the  power  grid.  It  was  embarrassingly 
simple.  Some  negative  comments  that 
my  presentation  received  included 
that  Hacking  101  should 
not  be  part  of  an  RSA 
presentation,  meaning  it 
is  too  simple  for  the  audi¬ 
ence.  The  problem  is  that 
Hacking  101  was  all  that 
was  required  to  attack  the 
power  grid,  and  that  people  who  have 
that  type  of  response  are  the  biggest 
threat  to  security.  They  know  it  all,  but 
they  know  nothing. 

—  Interview  by  Gary  Anthes 


READ MORE

For additional information on security issues, read this week's cover story, “How Secure Is Secure Enough?” Page 28
INTRODUCTION

In a recent online survey of 111 senior IT managers, Computerworld asked respondents about their strategies for aligning IT with the business. Survey results show that for many IT leaders, alignment with the business no longer means just cutting costs or rolling out strategic applications. Increasingly, CIOs define alignment in terms of how effectively their IT departments support core business goals for growth and profitability. In effect, IT has to mind the top line as well as the bottom line — to improve service, drive growth and deliver value to the business.

One strategy CIOs are adopting for business-oriented service across IT is Business Service Management (BSM), an approach for delivering IT services to directly support specific business goals. At the heart of BSM is the integration of IT management disciplines and process automation, which helps IT deliver the level of services the business requires.

This white paper provides an analysis of the survey results and offers practical strategies for adopting BSM, including how you can connect BSM to IT governance and security for a comprehensive Enterprise IT Management approach.

DRIVERS FOR BUSINESS SERVICE MANAGEMENT

Business Service Management begins with practical IT strategies to support business goals.

The Computerworld survey, which was designed to gauge the adoption rate of BSM at enterprise-size organizations, reveals a prevalent interest in BSM. The survey asked respondents about their familiarity with BSM, defined as a strategy and approach for aligning IT services and components with business objectives and goals. More than 70% of respondents said they are somewhat familiar with BSM, and 31% said they are extremely or very familiar with the concept. A majority of respondents — 65% — has adopted BSM or is planning to do so within the next 12 months. (Of these, 12% adopted BSM more than one year ago.)

Don LeClair, a senior vice president with CA, says that he has seen a burgeoning interest in, and understanding of, BSM among CIOs. “One of the core responsibilities of a CIO is aligning IT with the business,” LeClair says. “BSM can allow CIOs to do that by changing their focus from managing technical silos to managing the services IT offers to the business.”

BSM offers “a growing opportunity for IT organizations to deliver business innovation and alignment with IT investment,” according to Stephen Elliot, research director of the Enterprise System Management Software Service at IDC. The appeal of BSM will increase “as products across the enterprise management markets deliver value through integrations and service dashboards that empower IT organizations to deliver business value at strategic levels of the organization,” Elliot adds (Business Service Management: Survey Shows Rising Customer Adoption and Increasing Maturity, October 2007).

Copyright © 2008 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.

While 65% of survey respondents said that aligning IT and the business is a driver for BSM, there are other drivers as well, indicating that CIOs are looking to achieve a number of goals with BSM.

Increasing IT efficiency is a mandate for many resource-strapped CIOs, and 52% of respondents cited this as a driver of BSM. Given that the scale of IT is growing faster than the size of IT staffs, CIOs need to get the most out of their existing personnel. Automating routine tasks and instituting best practices for repeatable processes — hallmarks of BSM — are ways to boost the productivity and efficiency of taxed IT staffs and reduce errors.

Another top driver of BSM adoption is best practices standards such as ITIL®, COBIT™ and Six Sigma®, cited by 49% of respondents. According to Bob Sterbens, CA director of product marketing, ITIL® in particular complements BSM. “ITIL® is a framework that provides the baseline to deliver BSM,” Sterbens says. “Think of BSM as the goals and objectives that are achieved through the processes and best practices of ITIL®.”

For BSM to be consistently effective, IT departments need to continually assess their investments and tie those back to the needs of the business while ensuring compliance. Consequently, the 42% of respondents who mentioned IT governance and regulations as a driver for BSM offer “strong validation that IT departments are managing governance in a professional way as a means of continuous improvement,” LeClair says. This also shows the interdependence of BSM and IT governance practices.

As expectations of IT have increased, IT budgets have not kept pace. For 41% of respondents, BSM is viewed as a way to manage the cost of IT investments. In particular, CIOs turn to BSM to rein in operational costs through automation of routine processes. Automation of routine tasks can also reduce errors and control costs by decreasing service issues and downtime, critical benefits for any enterprise that is highly dependent on IT.

In a service-centric environment, IT increasingly needs to be proactive. Among survey respondents, 35% said that customer responsiveness is a factor for adopting BSM. By viewing IT components within the context of the services they deliver, IT can improve root-cause analysis and problem management.

For 32% of respondents, BSM provides executive visibility and transparency into IT. Increasingly, the value of IT is that of an enabler of the business and not simply an expense. Not coincidentally, 32% of respondents said that service-level agreements are pushing the adoption of BSM as IT departments offer guarantees that service quality meets business standards.

[Figure: Drivers for BSM adoption. Survey question: “Which of the following do you see as drivers for BSM adoption?”]

[Figure: Attitudes towards BSM. Survey prompt: “Please rate your level of agreement with each of the following statements regarding BSM.” Statements rated: Executive buy-in is critical to an organization’s BSM adoption; It is important to make a strong ROI case before implementing BSM; Building a business case for BSM is difficult; It is difficult to prove the ROI of the BSM; The value proposition for BSM is clear to me. Top 2 rating = 89%.]

BENEFITS OF BSM

Survey respondents reported many important benefits of BSM that address various issues, including operational and cultural issues:

■ Aligning IT with the business. This is essentially an overarching goal of BSM and its most important benefit; 84% said alignment is extremely or very important. This finding is not surprising, considering that IT/business alignment is a primary driver of BSM.

■ Improved end-user satisfaction. This is a benefit cited by 79% of respondents as extremely or very important. One way that BSM accomplishes this is through monitoring application and transaction performance with service-centric metrics such as end-user response time. Traditional IT metrics such as CPU utilization and memory usage have limited relevance in a service-centric environment because they don’t indicate the quality of the end users’ experience.

■ Improved communications. Another key benefit of BSM, cited by 74% of respondents as extremely or very important, is an improvement in communications among departments. “One of the keys to BSM is establishing a common definition of what a service is and communicating that across technical silos,” LeClair says. That common definition enables IT to shift its focus from managing technologies to managing services, thereby facilitating communications with the business side as well.

■ Cost savings. Rounding out the top four benefits of BSM is overall cost savings for the IT department, mentioned by 72% of respondents. The standard processes advocated by BSM improve efficiency and facilitate the adoption of best practices, both of which can reduce the cost of IT operations. In addition, standard processes can be automated, a key factor in reducing costs.

■ Improved predictability. Standardizing and automating routine tasks also improves predictability — a benefit cited by 70% of survey respondents as extremely or very important.

■ Operational benefits. While BSM inherently aims to improve the level and reliability of service to end users, it’s important to note that there are several benefits that address IT operations specifically. According to the Computerworld survey, three such benefits stand out in terms of being extremely or very important to respondents:

1. BSM reduces downtime in the IT department (by providing consolidated management that leads to faster repairs and more proactive response), cited by 68% of respondents.

2. BSM helps IT operators prioritize tasks (by providing visibility into demand for services, which enables accurate planning), cited by 65% of respondents.

3. BSM decreases time to market for IT services (by enabling IT to dynamically provision IT assets as needed and dynamically manage workloads), cited by 60% of respondents.

One of the key ideas behind BSM is that it benefits both the end users, who are the recipients of timely and reliable services, as well as the IT department, which is freed up from performing routine tasks in favor of doing more strategic work.

BARRIERS TO BSM ADOPTION

As with any initiative designed to change the nature of what IT does, CIOs must contend with challenges when adopting BSM. Survey respondents reported the following obstacles to implementing BSM:

■ Lack of understanding of the value proposition (48%)

■ Already committed to other major initiatives (46%)

■ Staff skill sets (42%)

■ Confidence in the maturity of the solutions being offered (34%)

■ Budget (32%)

■ Have not adopted ITIL® (29%)

■ Technology integration (28%)

■ Implementing a CMDB (26%)

Source: Computerworld/IDG Research
[Figure: BSM adoption. Survey question: “At what stage is your organization in terms of BSM adoption?” Base: 111 respondents. Responses: adopted BSM more than one year ago, 12%; started to adopt BSM within the last 12 months, 16%; planning to adopt BSM within the next 12 months, 23%; planning to adopt BSM in the future but not within the next 12 months, 14%; no plans to adopt BSM, 35%.]

STRATEGIES FOR SUCCESSFUL BSM ADOPTION

There is no boilerplate template for implementing BSM; how an IT organization proceeds depends entirely on its starting point and its priorities. As a concept, BSM can be overwhelming, so it pays to “have a good idea of the end state you want to achieve and put a plan in place to get there incrementally,” says Allan Andersen, CA vice president of product management.

To successfully adopt BSM, an IT department has to clearly assess its current capabilities and process maturity level in four general areas which, says Sam Somashekar, CA senior principal product manager, cover the entire service lifecycle. By tackling each of these areas based on priorities and where best to achieve a return, an IT organization can take an incremental approach to implementing BSM that incorporates continual process improvement:

■ Application performance management (APM). This area provides IT with comprehensive visibility into every transaction and enables the management of transactions from a performance perspective. APM enables IT to react quickly to performance issues by supporting real-time monitoring capabilities. In addition, APM provides an understanding of how IT problems affect business services.

According to Rick Fitz, vice president of product management at CA, IT can easily grasp APM by shifting how it has typically looked at performance. Traditionally, IT has focused initially on detecting faults in the infrastructure and then stabilizing them, followed by monitoring the performance of devices, and finally, by looking at transaction performance. “With BSM,” Fitz says, “IT has to look at transactions first, which ensures that problems affecting users are addressed quickly.”

■ Data center automation. By automating routine, repetitive tasks such as patch management and software delivery, IT can provision IT assets as needed and dynamically manage workloads. In addition, data center automation provides the business with service planning reports and can enable IT to support changing conditions through real-time response. Consequently, data center automation helps IT operations streamline its tasks and facilitate better service to end users. Computerworld survey respondents recognize the value of data center automation. In fact, 89% of respondents said that data center automation is at least somewhat important to their organization, with 32% rating it extremely important and 32% rating it very important.

■ Infrastructure management. The key in terms of BSM is “to integrate infrastructure management into a cohesive, unified view,” Somashekar says. A unified view of infrastructure components gives IT the ability to conduct root-cause analysis by correlating events and performance issues across the entire IT infrastructure. “Correlating activities across the infrastructure is necessary in order to handle change better,” Somashekar adds. “From an infrastructure management perspective, it’s important to diagnose and repair problems before they impact services.”

■ Service management. This involves “the analysis of a lot of the activities that happen in the infrastructure,” Andersen says. “This is accomplished through looking at things like dashboards, service levels and the overall services delivered.” With service management, IT gains the ability to manage both hardware and software assets, which often results in better cost control and better governance of software licenses.

CIOs are shifting from running IT as a technology base to running IT as a business, and BSM “allows CIOs to run IT more efficiently and align IT with the business,” Andersen says. To ensure continual business alignment, IT needs to be able to connect BSM to security and governance solutions for a comprehensive Enterprise IT Management (EITM) approach. “As regulations and compliance issues become part of a service, IT has to manage IT services and provide governance of IT investments so that the services delivered are the right services,” says LeClair. “BSM is about providing the services, while governance is focused on strategic visions, projects and decision making,” adds Sarah Meyer, CA product marketing director.

CONCLUSION

To succeed at BSM, IT departments need to automate processes and integrate the management of IT components to deliver high-quality services that meet business needs. In effect, this means that IT departments can no longer focus on managing devices or applications — they must correlate technology components within the infrastructure to the business services that they support. In the process of doing this, the role of IT shifts from being centered on providing technology to focusing on providing services that contribute to business goals. The end result of successful BSM adoption — IT/business alignment — is characterized by a responsive, dynamic IT infrastructure that supports the delivery of services that enable users to succeed and a business to thrive.

Source: Computerworld/IDG Research


■ OPINION

John D. Halamka

Time Is the Most Valuable of Gifts

TIME is the one commodity you cannot buy or make more of. It is our most valuable resource. As a CIO, I should allocate this precious commodity to those people and projects most needing attention.


I would really enjoy spending my days meeting with friendly, aligned and supportive stakeholders and focusing on the projects that are proceeding flawlessly. But my time is better spent on the stakeholders who aren’t satisfied and the projects that are troubled by politics, scope creep or technical challenges.

Every day, my staff peppers me with questions on the budget, strategy and workplace politics. I should not be the cause of a slowdown in their productivity, so I respond within an hour with either an answer or a set of next steps. This is a great use of my time.

Every day, my customers ask for new projects, new priorities or new features. I respond with either a blog entry so that I widely communicate the answer, a personal e-mail or a set of next steps (pulling in our governance committees to consider the request). This is a great use of my time.

Every day, I receive a hundred requests from salespeople for my time. I will not grant my time to cold-calling salespeople. As needs arise, I’ll search the Web for technologies and user experiences with various products. I’ll then contact the vendors I want to talk to.

Every day, I receive numerous requests to travel to give presentations. I’m always happy to educate, communicate and collaborate. But whereas doing a conference call, WebEx meeting or videoconference is a great use of my time, sitting in an airport for half a day because of a canceled flight is not. I’m hoping our culture changes to the point that we all recognize the value of time and do more virtual collaboration.

The value of time has been much on my mind lately, and I realized that while it’s true that you can’t make more time, you can make a gift of it. I did this recently for my father.

I had a Google Advisory Council meeting in Silicon Valley that ended in the early afternoon. My parents live in Southern California, so I asked my father to fly up to San Jose.

We drove together through the most beautiful places in the Santa Cruz Mountains — Crystal Springs Reservoir/Filoli/Alpine Road, Highway 84 to Skyline Boulevard, La Honda, San Gregorio, Highway 1 to Pigeon Point Lighthouse and Pescadero. For six hours, we turned off our cell phones, drove and talked. We talked about life, goals, the future, family and challenges. We had dinner at Duarte’s, a 19th century restaurant known for its fresh artichoke dishes and homemade pie.

At sunset, we returned to Skyline Boulevard and played our flutes together — my shakuhachi and his Native American flute. I then dropped him off at the airport and spent the night in San Francisco before an early-morning board meeting.

I can think of no more profound gift than time. My daughter and I recently began playing the Native American flute so that we can have a family gift of time. My parents will join us on our family vacation to Yosemite in August, and we’ll play music together across three generations.

I would be completely content to never get another tie, CD or gadget for Father’s Day if instead I could have the gift of time from my daughter for a walk in the woods, kayaking a river or playing a flute.

Next time you ask how to organize your day as an IT professional, think about the value of your time. Think about the needs of your customers, staff and family. If you think about your time as a gift and your most valuable commodity, I suspect your schedule may change. I know mine has. ■

John D. Halamka is CIO at CareGroup Healthcare System, CIO and associate dean for educational technology at Harvard Medical School, chairman of the New England Health Electronic Data Interchange Network, chair of the national Healthcare Information Technology Standards Panel and a practicing emergency physician. You can contact him at jhalamka@caregroup.harvard.edu.
Are your information security plans too big, too small or just right? Here are five steps to help you decide.

BY JAIKUMAR VIJAYAN

IF THERE is a Holy Grail in the information security industry, it surely is the answer to the question, “How secure is secure enough?”

It’s a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask.

But with a faltering economy beginning to put the squeeze on IT budgets, and security managers being asked to justify every dollar they spend, there is a growing need to come up with a better answer to the query. Increasingly, there is pressure on IT managers to demonstrate how exactly their security investments are helping them manage threats to their businesses. Companies want to know if the money they are spending on security is too much, too little or just enough.

Answering the question with any degree of accuracy involves art and luck as much as it does science, say security managers. But by adopting the right approaches, it is possible to arrive at a better answer than some might expect, they say.

Here are five steps to help you determine whether your company is secure enough.
1 Decide how secure you want to be.

To know whether your security controls are meeting business objectives, you first have to know how secure you want to be, says Krag Brotby, a consultant at the Information Systems Audit and Control Association (ISACA) and author of several books on security governance models.

There is no such thing as 100% avoidance of all risk, so the goal should be to decide how much you are comfortable with, he says.

“People often talk about acceptable risk,” says Brotby, but what you really should focus on is acceptable business impact.

In other words, exactly how much disruption is your business willing to endure from a security compromise before it invests in mitigating potential threats? To make that determination, consider these questions:

■ How much is the business willing to spend to mitigate a threat that poses a 1-in-10 chance of causing a business disruption worth about $2,000?

■ How much would it be willing to spend on the same threat if it was likely to result in $10 million in damages?

■ How long can a critical system be down?

■ What sort of recovery-time objectives need to be met?

■ What, if any, are the regulatory and industry compliance obligations?

“These are the type of questions that need to be asked at the executive level,” Brotby says. “By the time you are through this negotiation process, you have a very strong indication of the acceptable level of impact” and can plan for the future accordingly.

2  Get  a  handle  on  asset  value. 

To  manage  risk,  it’s  not 
enough  just  to  know  how  seri- 
|  ous  a  threat  is,  says  John  Mea- 
kin,  group  head  of  information  secu¬ 
rity  at  Standard  Chartered  Bank.  You 
also  need  to  understand  the  probability 
of  that  threat  actually  being  exploited 
in  your  environment,  the  value  of  the 
assets  that  are  the  targets  of  the  threat 
and  the  likely  effect  on  your  business. 
Only  then  can  you  really  know  if  the 
cost  involved  in  mitigating  a  threat  is 
justified,  he  says. 

That  approach  has  allowed  Standard 
Chartered  to  do  things  like  defer  in¬ 
stalling  security  patches  —  even  criti¬ 
cal  ones  —  on  some  systems  because  it 
decided  that  the  effort  was  not  worth¬ 
while,  based  on  the  actual  risk. 

Similarly,  it  has  allowed  the  bank 
to  permit  unauthenticated  access  to 
some  of  its  internal  systems  because 
there  are  enough  compensating  physi¬ 
cal  security  controls. 

“Once you use a risk-driven approach, it actually is incredibly liberating. It allows you to challenge some of the long-held rules” related to the use of security tools, Meakin says.

Core  to  this  approach  is  the  need 
to  understand  asset  value,  he  says. 

Not all IT systems are created equal, and not all of them present the same risks or have the same level of exposure to threats. Therefore, it’s important to assign a business value to the IT assets in your organization, says Meakin.

Asset value is based on factors such as the criticality of applications or the services supported by an IT asset and its interdependencies with other applications and infrastructure components, he says.

For  instance,  an  Active  Directory 
server  that  supports  multiple  business- 
critical  applications  would  likely  be 
considerably  more  important  than  a 
server  running  an  e-mail  application, 
from  a  business  continuity  standpoint. 

3 Implement a control framework.

Once  you  have  a  good  idea  of 
the  desired  state  of  security, 
choose  the  most  appropriate 
set  of  technology,  management  and 
process  controls  to  help  you  get  and 
stay  there. 

Perhaps  the  most  efficient  way  of 
doing  this  is  to  implement  an  internal 
framework  that  maps  business  and  risk 
management  requirements  to  their 
appropriate  IT  controls,  says  Eric  Litt, 
chief  information  security  officer  at 
General  Motors  Corp. 

“In  order  to  make  good  decisions, 
you  need  to  have  a  framework  for  your 
security  program,”  he  says. 

Standards such as the Cobit control framework, ISO 17799/27001 and COSO can help IT organizations identify the controls that will help them meet their particular business needs and comply with regulatory requirements, Litt says.

“You get every single tool underneath the sun,” he says. “That’s what these frameworks provide for you.”

The ISO 27001 and 27002 frameworks can help a company develop policies, procedures and processes for meeting its risk management and compliance objectives, Litt says. They also provide a list of technology controls that need to be used to meet those objectives.

For  example,  the  frameworks  can  be 
used  to  decide  the  appropriate  tools  to 
meet  an  internal  data  access  control 
objective  or  to  comply  with  a  statute 
that  requires  data  logging  and  auditing 
capabilities. 

A formal framework gives companies a way to quickly assess how effectively their controls are working, because each security control is mapped to a specific business or compliance objective, says Marc Othersen, an analyst at Forrester Research Inc.

“It shows why a control is there in the first place. It links security controls to IT risks and shows what would happen if a particular control fails,” says Othersen. “The IT risk management goal is to put context around a control failure.”


4 Measure everything.

Use metrics to ensure compliance with control objectives. The audiences for such metrics and the purposes those metrics serve can vary, so it’s important to ensure that all aspects of an IT security program are measured.

A  metrics  program  that  is  focused 
purely  on  operational  data  —  such  as 
firewall  log  data  or  antivirus  data  — 
offers  no  navigational  or  management 
metrics,  says  ISACA’s  Brotby. 

“If I don’t have good policy compliance, is it because people don’t know how to do it or because they are ignoring my policy?” he says.

To understand such issues, GM has established a four-tiered metrics framework to collect and analyze performance data on multiple aspects of the company’s information security program (see “GM’s Metrics Framework,” this page).

The right metrics can help businesses track, trend and report on security performance, says Ed Cooper, vice president of marketing at Skybox Security Inc., a vendor whose risk-modeling products are used by organizations such as Standard Chartered Bank. The trick is to know which metrics make sense for each stakeholder, how to gather the information and what language to present it in, he says.

“Everybody looks at risk from their own point of view. Metrics have to be put into some sort of relevancy” for each perspective, Cooper says.

GM’s Metrics Framework

The audiences for information security metrics and the purposes those metrics serve can vary, so it’s important to ensure that all aspects of an IT security program are measured. The layers on the GM pyramid do not represent a hierarchy; they are simply used to separate metrics by purpose and by audience. The minute-by-minute operational metrics, for example, help IT managers determine whether security tools are working as intended. The process layer helps the company decide whether course corrections are needed. The executive layer helps the information security team communicate with top management.

EXECUTIVE METRICS
(e.g., return on investments, and areas of overinvestment or underinvestment)

PROGRAM METRICS
(e.g., effectiveness of security training, governance and compliance programs)

5 Monitor all controls.

Implementing controls for dealing with security threats is one thing. Testing, monitoring and validating them is another. “If you have key controls on critical processes, you need continual monitoring to make sure they are working,” Brotby says.

This  sort  of  monitoring  can  be  part 
of  a  broader  IT  governance  program  or 
compliance  and  auditing  effort. 

Often, many of the controls that companies are using to manage risk were originally implemented in response to some tactical issue. Many companies, for instance, have implemented network behavior analysis tools in response to concerns over so-called zero-day threats that take advantage of unpatched software vulnerabilities.

It’s important to tie controls back to a specific business risk and then monitor them to ensure that they are indeed doing what they were intended to do.


“The  problem  with  controls  is  that 
they  are  put  in  place  reactively  to  a 
particular  problem,  and  then  they 
pile  up,  so  you  get  layers  of  controls 
that  people  don’t  know  are  controls,” 
Brotby  says. 

To  a  large  extent,  governance  is 
what  you  are  doing  when  you  gather 
metrics  to  prove  compliance  with  an 
internally  or  externally  driven  security 
requirement,  Meakin  says. 

“Compliance  means  showing  these 
are  the  risks  and  these  are  the  controls, 
and,  yes,  I  have  mapped  those  controls 
to  the  regulatory  requirement,”  he 
says.  “The  fact  I  am  measuring  is  a 
demonstration  of  proper  governance.” 

Taking such steps will be challenging for large companies where the security environment has grown in response to tactical considerations as opposed to strategic ones.

To understand how secure you need to be in that kind of environment, start by looking at your industry or regulatory compliance objectives, Othersen says.

But whatever your environment, get started. A better answer to the big security question is within reach. ■


30 COMPUTERWORLD JULY 28, 2008


From Technology Goddesses camp to your future IT workforce. By Julia King


SAN DIEGO

IT’S 10 O’CLOCK on a sunny April morning in Balboa Park. In a spacious Girl Scout cabin tucked away amid lush green palm trees, 20 girls ranging in age from 11 to 14, most wearing jeans and pigtails, are gearing up for today’s camp activities.

But there are no sit-upons or s’mores, potholders or paper crafts — just 21 laptops, two color printers, 10 digital cameras, two scanners and a palpable abundance of preadolescent energy and creative enthusiasm.

Welcome to Technology Goddesses, a program of weekend and weeklong technology camps that aims to keep young girls engaged in computing and technology, especially through those dicey middle-school years when girls’ interest in computing begins to decline. Studies show that prior to fifth grade, boys and girls have a similar level of interest in computers. But after that, boys’ interest increases and girls’ interest begins to wane. The upshot is fewer female computer science graduates and fewer women in IT careers.

■ Percentage of computer science degrees awarded to women in 1984
■ Percentage decline in the number of women choosing to major in computer science between 2000 and 2005
■ Percentage of girls taking Advanced Placement exams for computer science in 2006 - the lowest female representation of any AP exam
■ Percentage of computer science degrees awarded to women in 2007
■ Percentage of U.S. technology patents in which women were involved

SOURCE: NATIONAL CENTER FOR WOMEN AND INFORMATION TECHNOLOGY (WWW.NCWIT.ORG)

Cora Carmody is hoping that Technology Goddesses will help reverse that trend and make technology relevant — even cool — for this at-risk age and gender group, by teaching girls about digital design, Web site development, computer graphics and digital moviemaking, and by exposing them to women in technology-related careers.

Carmody,  senior  vice  president  for 
global  IT  at  Jacobs  Engineering  Group 
Inc.  in  Pasadena,  Calif.,  also  considers 
the  program  a  way  to  build  the  future 
IT  workforce.  “Any  one  of  these  girls 
could  be  a  CIO  one  day  because  they’re 
starting  now,”  she  says. 

Carmody founded the program in 2002 on the East Coast and began working with the Girl Scouts in 2003, when she moved to the West Coast to work at Science Applications International Corp. Since then, the program has logged more than 11,000 hours and reached more than 1,000 girls through 33 workshops, seven weekend programs, three weeklong camps and eight field trips to places like Microsoft Corp.’s Innovation Center in Irvine, Calif., and Cox Communications Inc.’s multimedia digital production studio at Petco Park, the home playing field of the San Diego Padres.

All  of  the  programs  take  place  in  a 
“girl-friendly”  learning  environment. 

“The patterns of learning are different for girls,” says Carmody, who is the mother of three sons and a daughter and the leader of a Girl Scout troop.

“Girls  are  much  more  social.  They 
like  working  together  in  teams.  They’re 
also  much  more  impressionable  by  role 
models.  And  their  role  models  tend 
to  be  older  girls,  not  adults.  An  older 
girl  is  the  best  technology  mentor  for  a 
younger  girl,”  she  says. 

Technology Goddesses and Girl Scouts made a perfect pairing, especially since one of the Girl Scouts’ mottoes is “As you learn, teach someone else.” Also, as of sixth grade, every Interest Project, or IP, for which Girl Scouts earn a badge includes a career component, as well as skills, technology and service components.

“Through Technology Goddesses, the girls learn to use technology and gain life skills and develop critical-thinking skills,” says Jo Dee Jacob, CEO of Girl Scouts, San Diego-Imperial Council. “They educate themselves and others.”

This particular weekend, the seventh-, eighth- and ninth-grade scouts, called Cadettes, are using Bureau of Labor Statistics data to research IT-related careers. They are also coaching younger Brownies and Daisies, who are in kindergarten through third grade, and the campers join briefly for various technology lessons.

MORE GODDESSES

Additional photos and the girls’ multimedia presentations can be viewed at computerworld.com/more.

Even Goddesses Need Role Models

Not all technology professionals are geeks; not all technology professionals are CIOs. Some make movies. Others are graphic designers or Internet entrepreneurs. The possibilities are infinite.

That’s the message that Technology Goddesses wants to send to the tween girls who participate in its programs, and it needs help getting the word out.

There are lots of ways to help, says Technology Goddesses founder Cora Carmody. “During field trips and workshops, we have career panels and bring in professionals from various fields to talk about what they do and how technology fits in,” she explains. Some girls have also been allowed to shadow tech professionals on the job or intern at tech companies.

Companies such as Microsoft, Dell and SAIC have helped by donating money, computers, printers, digital cameras and other equipment.

For IT professionals who want to do more, one option is to take a week off from work and volunteer to help at a Technology Goddesses summer camp or, better yet, start a camp of your own, suggests Carmody.

Aside from a lot of fun, the benefits of volunteering include building your company’s reputation as an IT employer of choice and getting a glimpse of tomorrow’s high-tech workforce, says Susie Schmitt, an Internet manager at SAIC who has served on career panels at Technology Goddesses camps.

Young girls need to see and talk to women and men who work in and with IT so they can develop a realistic view of what a career in technology might hold, says Joy Hughes, CIO at George Mason University and an early volunteer.

“We did a lot of research on how to get girls more involved [in technology]. What we found out is that girls don’t understand IT jobs,” Hughes says. “When we talked to girls about a career in technology, they’d say, ‘Who wants to be a geek and sit at a computer all day and be by yourself?’ ”

By volunteering to talk about your IT job, career and work life at a Technology Goddesses program, Carmody believes you can help dispel that negative stereotype and perhaps nurture a nascent IT career.

She even has a firsthand success story to tell. “My daughter, Katie, used to want to be a veterinarian. Now she wants to study engineering,” Carmody says. “She wants to be a CIO.”

- JULIA KING

Today, it’s eighth-grader Angela Zhang’s turn to lead a group of Daisies through a “Point, Click and Go” Internet navigation and safety session. A Girl Scout since the fourth grade, Zhang aspires to be a surgeon. This summer, she’ll spend three weeks at a camp for talented youth sponsored by Johns Hopkins University.

“I  like  this  camp  because  it’s  so  relaxed 
and  you  learn  so  much,”  Zhang  says. 

In the afternoon, Leslie Biasi, a Girl Scout co-leader and project coordinator at Dot Hill Systems Corp., a RAID storage firm in Carlsbad, Calif., teaches a multimedia workshop for the older girls. Last year, Biasi took an unpaid leave of absence from her job to volunteer at the Technology Goddesses weeklong camp.

Like  Carmody,  she  is  committed  to 
helping  girls  appreciate  the  creative  and 
career  possibilities  that  IT  has  to  offer. 

Years ago, “when I first started learning HTML and saw how easy it was, I thought, ‘Why are only guys doing it?’ ” Biasi recalls. “HTML is just text telling the computer to display a picture or make text a certain color.”

The products from Biasi’s session are the main attraction on Day 2 of camp. That’s when the girls showcase the multimedia presentations they’ve created about Technology Goddesses programs. These incorporate video, clip art, photos and lots of music, ranging from Beethoven’s Ninth Symphony to the bilingual rap and rock tunes of Karsh Kale.

Over the course of the two days, the girls also get girly with technology. They make scented bath salts and use graphics software and designs downloaded from the Internet to create labels for the jars. These items, Carmody points out, can be sold to raise additional funds for more Technology Goddesses programs or the Girl Scout troops, or to offer scholarships to Technology Goddesses summer camp. This, too, is in line with another Girl Scout motto: “A Girl Scout uses resources wisely.”

Virtually all of the Technology Goddesses’ camp activities, workshops and programs are designed to be repeated by other Girl Scout troops. Step-by-step materials and directions are available in a “badge-in-a-box” format at www.technology-goddesses.org.

“I’d like to see this program grow,” says Carmody. ■

■ SECURITY MANAGER’S JOURNAL | C.J. KELLY

Switching Gears, And Looking Back

In the course of four years, much was accomplished in a government agency that was a security disaster waiting to happen.

I FINALLY DECIDED to leave public service and go back to the private sector. The decision wasn’t easy, because I hate to leave the team. My boss is adjusting, but he’s not happy. I am very excited, though, to be going back to what I enjoy — security consulting.

In almost four years in public service, I was able to make significant changes to the agency’s computing infrastructure. Building an information security program from the ground up is always satisfying. Even under frustrating circumstances, we made monumental headway toward a more secure environment.

One of the first things I did was an information security assessment to get the lay of the land. I found servers that hadn’t been patched in months and had hundreds of open ports, network switches that allowed Telnet connections with no password, and PCs that weren’t patched and weren’t running antivirus software. I also found public Web sites containing Access databases full of confidential health information, unfinished policy documents, an unstable network (is it any wonder?), no firewalls, no intrusion detection, no network monitoring and basically no plan for improvement.

I  remember  early  on 
witnessing  one  of  the 
sysadmins  reboot  the 
main  switch  whenever 
the  network  seemed  to 
slow  down.  When  a  server 
failed,  it  was  days  before 
the  system  was  rebuilt  and 
back  online.  Backing  up 
data  was  hit-or-miss.  There 
was  no  plan  for  disaster 
recovery,  and  tapes  were 
reused  and  stored  on-site. 

With all this staring me in the face, personnel issues were even more pressing. People needed training, mentoring, direction. But, as I was finding out, seniority is an entrenched concept in government staffs. It’s all about your grade level, not your skill set. How can time on the job trump experience, skills and execution?

Even though I wanted to get to work on the technical problems, I had to fix the people problems first. That meant changing the way people thought about themselves and their jobs. If you tell a group of state employees that their seniority isn’t as important as teamwork, chances are you’re going to be met by a lot of blank stares.

But I made it clear that I would judge performance based on teamwork and execution. That was the only power I had over my employees. I didn’t threaten. I encouraged cooperation and set clear expectations. There were no secrets, no politics and no games.

Fairly  quickly,  I  lost  a 
couple  of  employees.  But 
I  doubt  that  I  would  have 
been  able  to  get  through 
to  them,  and  I  was  able 
to  hire  replacements  who 
understood  where  I  was 
coming  from. 

Fortunately, my boss had hired me knowing that I would want to change the atmosphere as well as the technology. And he had budgeted for the changes and just needed someone who understood what needed to be done and would execute. I was very lucky to have him on my side.

Trouble Ticket

AT ISSUE: A job offer proves impossible to resist.

ACTION PLAN: Move on, and hope your influence remains behind.

In the end, my job in government was all about vision and communicating that vision. If you can imagine a secured environment and understand what needs to be done, you can do anything. Communicating that vision is an art, and it’s where many managers fail. I created numerous presentations and network diagrams. I wrote plan documents and road maps, and communicated the vision to management, never forgetting that the team that was going to achieve that vision was the most important part of the mix.

One of my employees said to me just the other day, “We don’t want to lose the vision. How can we make sure the next manager keeps us going in the right direction?” Those words are nearly reward enough for the past four years. But it’s going to be up to the team to self-manage and keep its goals in sight. ■

This week’s journal is written by a real security manager, “C.J. Kelly,” whose name and employer have been disguised for obvious reasons. Contact her at mscjkelly@yahoo.com.


■ COMPUTERWORLD HONORS

Storm Central

A Web-based tool combining 3-D satellite imagery and real-time weather data helps crisis managers at energy company BP make quicker, better decisions. By Mary K. Pratt


AT A GLANCE

■ BP PLC is a global energy company with nearly 100,000 employees, plus business activities and customers in more than 100 countries across six continents. Sales and other operating revenue for 2007 topped $284 billion.

■ Project champions are Brian Autio, BP’s geospatial team lead for the Gulf of Mexico, and Steve Fortune, BP’s director of information management, along with projects program manager Susan Warburton and chief architect John Maio, both of whom are contractors from Comsys IT Partners Inc., working for BP.

■ About 100 people work on Fortune’s Gulf of Mexico information management team.

■ Team members didn’t calculate an ROI but say the company’s Crisis Management System allows executives and crisis managers to make quicker, more accurate decisions that can save valuable assets and even lives.


BRIAN AUTIO has to predict Mother Nature so his employer, energy giant BP PLC, knows how to react.

For years, Autio, BP’s geospatial team lead for the Gulf of Mexico, used a mishmash of tools — from satellite images to paper wall maps dotted with pushpins — to accomplish his work.

His system got the job done, but it was cumbersome. There was clearly room for improvement. “It’s just a very intense process, and it lends itself perfectly to technology,” Autio says.

He and his colleagues now have a more advanced way to help them do their jobs: BP’s Crisis Management System. It uses 3-D satellite imagery, real-time weather data, and a visual representation of the company’s workers, their homes and corporate assets to deliver a truly visual assessment of what’s happening where. The Web-based tool enables the Houston-based crisis team, top management in the U.K. and executives around the world to view the same information in real time, helping them improve their decision-making capabilities.

WEATHER  WATCH 

“Having these more advanced kind of tools is bringing a lot of value to storm management,” says Bradley Williams, an energy and utilities analyst at Gartner Inc. “It’s basically being able to assess the situation and respond much quicker, because you’re able to pull all that information together, assess the damage and prioritize response.”

BP had been moving toward the development of its Crisis Management System for several years. The company already had high-tech tools like satellite feeds and mapping systems to help track and manage events.

However, the pieces didn’t always work together. Autio says he would spend three or four hours before a planning meeting manually pulling data from up to 20 databases and Web-based sources. But BP officials didn’t have a lot of time when a disaster like a hurricane was barreling down on the company’s workers and assets.

“There was a lot of pressure to get something done quickly, and it had to be right,” Autio says.

There’s a lot at stake. BP has about 2,000 people on platforms in the Gulf, and it supplies millions of barrels of oil and gas to the U.S. every day. When a hurricane comes through, the company has to decide who and what needs to be moved in the Gulf and in vulnerable coastal areas.

Getting the Job Done - Fast

Projects program manager Susan Warburton and chief architect John Maio delivered BP’s Crisis Management System in less than three months using the rapid deployment methodology.

Warburton and Maio took six weeks to develop a prototype of the tool that users could then try out and provide feedback on. It’s a methodology the pair generally use on all projects.

“Because we’re doing things fast, we find ourselves going back and filling in some gaps,” Maio says. “But from a positive side, we get things up very quickly and at a low cost.”

Warburton and Maio say that while developing a prototype was a big part of their strategy, they also drew on their relationships with business partners to quickly build a tool that really works.

“We live and breathe with the business. We’d sit in on the incident command posts and these scenarios to see how they handle a hurricane coming in, so we quickly understand what the business needs from a technology perspective,” Warburton says.

Maio notes that he and Warburton are good at “stepping back and saying, ‘What do you really want?’ ”

- MARY K. PRATT

These concerns had pushed BP to make incremental improvements in its storm management processes, Autio says. Then hurricanes Katrina and Rita hit in 2005. BP scrambled to help its affected workers, bringing them water, generators and other supplies while also trying to assess the damage to its assets.

But  the  company  needed 
a  quicker,  more  automated 
way  to  mobilize.  “Katrina 
and  Rita  pushed  us  to  lever¬ 
age  the  technology  faster,” 
says  projects  program  man¬ 
ager  Susan  Warburton. 

BP  recognized  that  it  had 
to  move  from  a  process  that 
used  printouts  of  maps  based 
on  information  that  could 
be  hours  old  to  a  system  that 
pulls  in,  presents  and  shares 
data  in  real  time,  says  chief 
architect  John  Maio. 


“The  technology  moved 
to  a  place  where  you  could 
actually  do  this,”  says  BP 
information  management 
director  Steve  Fortune. 

Maio  and  Warburton  say 
they  opted  for  Microsoft’s 
Virtual  Earth  because  BP 
uses  the  vendor’s  technology 
for  its  portal  environment. 
They  decided  to  make  it 
Web-based  so  people  could 
easily  monitor  it  from  any¬ 
where  in  the  world. 

As  with  any  new  technol¬ 
ogy,  users  had  to  adjust  to  the 
tool.  But  users  knew  how  to 
drill  down  into  data  to  find 
what  they  needed  and  could 
still  print  out  maps  and  in¬ 
formation  like  they  used  to, 
which  made  the  transition 
easier,  Warburton  says. 

BP  also  needed  to  tweak 
some  of  the  information 
used  in  the  Crisis  Manage¬ 
ment  System,  Autio  says. 

For  instance,  no  Web  feeds 


of  hurricane  information 
were available, so BP went to
an existing vendor, ImpactWeather
Inc. in Houston, to
develop  feeds  that  include 
hurricane  paths,  probability 
zones  and  additional  infra¬ 
red  satellite  images. 

The  system  can  be  used 
to  monitor  earthquakes  and 
fuel  spills  in  the  ocean,  and 
their  effect  on  BP  platforms. 
Autio  says  it  can  also  be  used 
to  manage  all  sorts  of  crises. 
In  fact,  BP  used  the  system 
during  last  winter’s  Midwest 
ice  storms  and  last  year’s 
California  wildfires  to  deter¬ 
mine  which  BP  employees 
needed  assistance  and  what 
kind  of  help  was  required. 

Fortune  says  the  technol¬ 
ogy  can  even  be  used  for 
supply  chain  management. 
The  ability  to  visualize  as¬ 
sets  can,  for  example,  help 
the  company  direct  vessel 
traffic  in  the  Gulf,  he  says. 


Meanwhile,  work  on  the 
Crisis  Management  Sys¬ 
tem  continues.  The  team 
is  implementing  a  tool  that 
will  allow  workers  to  call 
in  via  phone  or  the  Internet 
and  report  where  they  are, 
if  they  and  their  homes  are 
OK,  and  whether  they  need 
any  help,  Warburton  says. 

Maio  says  the  next  step  is 
to  add  text  messaging  and 
mobile  interfaces,  letting 
workers  access  real-time 
data  from  anywhere. 

Warburton  says  BP  offices 
around  the  world  are  plan¬ 
ning  to  implement  the  Crisis 
Management  System.  “We’re 
getting  it  to  the  point  where 
it  will  go  worldwide,”  she 
says.  Maio  notes  that  more 
than  1,000  users  have  already 
worked  with  the  tool.  ■ 

Pratt is a Computerworld
contributing writer in
Waltham,  Mass.  Contact  her 
at  marykpratt@verizon.net. 
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m  OPINION 

Robert  L.  Mitchell 


OK,  IT’S  NOT  PERFECT.  But  Windows  Vista  on  a 
new  PC  is  perfectly  serviceable  for  many  users.  In 
some  ways,  in  fact,  Vista  is  a  better  operating  sys¬ 
tem  than  Windows  XP.  Unfortunately,  XP’s  heir 
apparent  is  also  the  most  derided  and  discounted  Microsoft 
operating  system  since  Windows  Me. 


With  all  of  the  negative 
press  about  slower-than- 
expected  adoption  rates 
and  the  push  for  vendors 
to  continue  offering  an 
XP  option  on  new  PCs, 
users  may  be  left  with  the 
impression  that  anything 
is  better  than  opting  for 
Vista  —  including  paying 
a  premium  to  downgrade 
to  Windows  XP  when 
buying  a  new  PC. 

That’s  a  bit  extreme. 
Granted,  the  operat¬ 
ing  system  has  its  share 
of  glitches  and  issues. 
Higher-end  versions  are 
pricey,  and  Vista  requires 
state-of-the-art  hardware 
for  optimum  perfor¬ 
mance.  But  more  than 
a  year  after  its  release, 
Vista  with  SP1  is  reason¬ 
ably  stable  and  probably 
more  secure  than  XP.  It’s 
also  technically  more 
advanced  than  its  seven- 
year-old  predecessor. 

As  developers  bring 
products  to  market  that 
exploit  unique  Vista 
capabilities,  such  as  the 
Presentation  Graphics 


subsystem  and  support 
for  Sidebar  gadgets,  us¬ 
ers  will  want  them.  But 
those  who  buy  XP  with 
that  new  PC  won’t  have 
access  to  those  applica¬ 
tions  because  they  will 
be  working  through  an 
operating  system  de¬ 
signed  in  the  late  ’90s  to 
run  on  millennium-era 
hardware.  What’s  more, 
general  support  for  that 
“new”  XP  operating  sys¬ 
tem  will  end  next  April, 
even  though  many  con¬ 
sumers  will  keep  those 
machines  for  five  years. 

If  users  buying  new 
PCs  are  going  to  stick 
with  Windows,  they 
should  get  machines  with 
Vista  preloaded.  Sure, 
the  incessant  barking  of 
security  warnings  is  an¬ 
noying,  but  those  can  be 



muzzled.  Windows  is  the 
platform  on  which  users 
run  the  applications  that 
do  the  real  work.  Those 
applications  will  increas¬ 
ingly  exploit  and  rely  on 
Vista’s  capabilities. 

In  a  market  that 
watches  shipments  as 
if  they  were  movie  box- 
office  grosses,  Vista 
has  fallen  short  of  very 
public  expectations.  But 
although  Vista  hasn’t 
been  a  blockbuster  on  par 
with  Windows  95,  gen¬ 
eral  penetration  rates  for 
the  operating  system  are 
following  the  same  slow, 
steady  trajectory  as  those 
for  Windows  XP,  accord¬ 
ing  to  a  June  report  by 
Bernstein  Research. 

For  business,  the  Vista 
adoption  calculation  has 
many  more  variables. 
And  there’s  no  need  to 
rush.  Enterprises  can 
continue  to  install  their 
own  XP  system  images 
onto  new  hardware,  and 
the  security  updates  that 
businesses  need  will  be 
available  until  2014.  By 


then,  Vista’s  successor 
should  be  established. 

But there is also something to be said for staying current with your
users. Vista is shipping on most new Windows PCs in the retail channel
— Microsoft claims to have shipped 140 million copies as of March 2008
— and it’s a sure bet that most of those licenses aren’t being
downgraded to XP. That means users will increasingly be running Vista
at home.

At least one wavering CIO sees this as a political issue. He worries
that if users accept Vista at home and businesses wait for Windows 7,
IT may look lethargic in its efforts to deploy the latest technology
to meet business needs. By the time Windows 7 is ready for enterprise
use, XP will be at least 10 years old. At that point, being on the
trailing edge with XP could hurt IT’s credibility and make kicking
off more-ambitious projects difficult, he says.

In the end, the Vista decision involves striking a delicate balance
between political, technical and business issues. Wait or migrate?
Both choices involve some risks. ■

Robert  L.  Mitchell  is  a 
Computerworld  national 
correspondent.  Contact 
him  at  robert_mitchell@ 
computerworld.com. 
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Should  I  Stay  or  Should 


I 


Men  are  much  more  likely  than  women  to  cite  compensation  as  a  top 
reason  for  staying  in  a  job.  For  women,  relationships  predominate. 

What  factors  most  influence 
your  decision  to  stay  in  a  job? 


WOMEN 


Relationships  with  co-workers 


Relationship  with  manager 


Desirable  working  hours 


Attractive  benefits 


Attractive  compensation 


SOURCE:  SALARY.COM  E-MAIL  QUESTIONNAIRE  COMPLETED  BY  7.101  EMPLOYEES,  MARCH  2008 


Microsoft  is  expanding  its  use  of  performance-based  testing  (PBT)  in  its 
certification  exams.  With  PBT,  exam  takers  are  presented  with  real-world 
problems  and  must  apply  the  concepts  and  technologies  they  are  being  tested 
on  to  reach  a  solution.  The  method  is  seen  as  a  way  of  enhancing  the  value 
of  a  certification,  because  certified  IT  workers  will  have  demonstrated  that 
they  know  how  to  use  the  technology  in  question,  as  opposed  to  being  able  to 
memorize  jargon  or  even  buy  pirated  test  answers.  Microsoft  currently  uses 
PBT  in  five  of  its  exams  and  expects  to  add  it  to  a  sixth  this  summer.  It  plans  to 
introduce  PBT  to  even  more  of  its  exams  over  the  next  year  and  a  half. 


The  jump  in  job  postings  over 
the  past  six  months  that  call 
for  experience  in  VMware 
products,  recorded  by  Dice.com 
and  reported  in  May  2008. 


■  Q&A 

Jack  Cullen 

president of IT staffing provider Modis talks about trends
workforce availability.


What IT skills are most needed right now? Is demand up, down or
holding steady?
The IT skills we see most in demand at this point in time include
.Net, Java, J2EE, SAP and Oracle. Positions that we have experienced
strong demand for include business analysts, project managers, help
desk/call center support staffers and quality assurance specialists.
Overall, demand is down slightly from where it was at this time last
year.

What are some of the difficulties in meeting demand?
The biggest challenge is the slowness of the hiring manager. Despite
the fact that the supply pool is still less than optimal, managers
are slow to hire because they are searching for the perfect match.
This has a tendency to backfire on the project, because by the time
the hiring manager finally makes that decision, the candidate being
considered has moved on and taken another position.

Do you notice geographical differences?
There are slight geographical differences, but for the most part, the
skill sets and positions I listed are in demand across all of North
America.

Is increased connectivity erasing supply-and-demand disparities,
since workers can often provide their services without moving to a
new area?
Despite the fact that mobility has improved dramatically, most hiring
managers want the IT worker to be on-site for a majority of the
project. Over 85% of the positions we staff seek candidates that are
willing to work at the location of the particular project.

What should companies do as they look to recruit talented IT
professionals?
Companies need to see the complete picture that an individual brings
to a project. The highest level of technical expertise does not
always assure them that they are getting the person they need. Making
sure a person can work in a pressure environment or can function
properly on a team are critical skills that aren’t always apparent
during the interview process. You should avoid making a decision on
the interview alone. The firm that represents the candidate should
have a detailed log on the individual that includes at least three
references of a similar project, skill assessment and ranking,
background check, and an accurate profile of the candidate’s
personality.

Anything else you would like to add?
Most managers do not enjoy or have time for the hiring process.
However, making a wrong hire can have a severe impact on the outcome
of the project and can cost the hiring manager their position within
their company. Leverage the consulting firm or placement agency that
you are working with so this becomes a pain-free process and you can
focus more time on delivering the project.

-  JAMIE  ECKLE 
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Director,  Computational  Biology  and  Bioinformatics  Program 

National Institute on Drug Abuse • Department of Health and Human Services • National Institutes of Health


The National Institute on Drug Abuse (NIDA) at the National Institutes
of Health (NIH) is seeking a senior-level scientist with expertise in
bioinformatics and information technology who will bring significant
experience to operate in an intellectually challenging Federal biomedical
research institution engaged in a national research program to understand
the biomedical and social causes and consequences of drug addiction
throughout the world.

This is a new position that offers a unique and challenging opportunity for
the right individual to work directly with the NIDA Director to create and
establish a major new program in computational biology and bioinformatics.
The successful candidate will provide scientific and executive-level
management, leadership, and direction for the program; oversee efforts to
coordinate and integrate large-scale existing and to-be-developed data
systems in therapeutics, pharmacology, genetics, and health services; and
mine and analyze data across studies and disciplines, allowing meaningful
new hypotheses, research directions, and well-founded conclusions to be
derived. These would involve not only application of standard techniques,
but also the development and validation of new and innovative approaches.
The candidate will work with scientists and bioinformatics experts at NIH
as well as in the academic community and in industry.

The successful candidate will possess an M.D. and/or Ph.D. degree and
have scientific credentials and research-oriented experience related to
biomedical informatics, computational biology, and/or information
technology. In addition, the candidate will have sufficient education and
experience to ensure success in managing a professional and technical staff
engaged in providing highly technical and complex informatics support to
in-house and NIDA-funded university-based biomedical and clinical
programs. Extensive experience in information technology management,
encompassing strategic planning, technical project management and process
transformation, is highly desirable. The candidate also must possess strong
leadership qualities and exceptional interpersonal skills.

Application Process: Salary is commensurate with experience; a full
package of Federal Government benefits is available, including retirement,
health and life insurance, long-term care insurance, leave and retirement
savings plan (401K equivalent). Send your application package, including:
CV, bibliography, and two letters of recommendation to the National
Institutes of Health; Attn: Stephanie Jones, Office of Human Resources;
2115 East Jefferson St., Room 2D-204, Rockville, Maryland 20853; or
e-mail: jonesl7@mail.nih.gov; phone: 919-541-7913. For further information
on the position, please contact the search committee chair: Barry Hoffer,
M.D., by e-mail: bhoffer@intra.mda.nih.gov, or phone: 443-740-2463. Your
application package must be received by September 15, 2008. All
information provided by applicants will remain confidential and will not be
released outside the NIDA search process without a signed release from
candidates.

NIH encourages the application and nomination of qualified women, minorities,
and individuals with disabilities.

HHS and NIH are Equal Opportunity Employers.

drugabuse.gov

U.S. Department of Health and Human Services

NATIONAL INSTITUTES OF HEALTH

NIDA National Institute on Drug Abuse

Software  Engineer  positions. 
Competitive  salary.  40  hr/wk. 
Responsible  for  support  and 
programming  of  current  appli¬ 
cation  Acom3  in  Java. 
Additional  responsibilities 
include  application  develop¬ 
ment  using  leading  edge  tech¬ 
nology,  business  analysis  and 
customization  of  the  Acom3 
product  to  support  greater  effi¬ 
ciency  within  our  customers 
work  flow.  Environment  used 
Java  and  XML.  Require 
Master's  degree  in  Computer 
Science  or  Management 
Information  Systems  and  1  year 
of  programming  experience  in 
JAVA  and  XML  environment  or 
will  accept  a  Bachelor's  degree 
and  five  years  of  programming 
experience  in  JAVA  and  XML 
environment.  Send  resumes  to 
Actek,  Inc.,  2120  Data  Drive, 
Birmingham  AL  35244  or  e-mail 
to  personnel@acteksoft.com. 
EOE. 


IT  MANAGER  needed  w/ 
Masters  in  CS  or  Engg  &  1  yr 
exp  to  manage,  plan  &  coord 
Enterprise  Customer 

Relationship  &  Business 
Process  Mgmt  Systems. 
Perform  System  Reqmts 
Analysis,  Test  Strategies,  Time 
&  Cost  Estimation,  Defining 
Stds  &  evaluation  procedures 
using  SDLC  principles  &  s/ware 
dsgn  patterns.  Des,  devp  &  test 
Data  Warehousing  &  RDBMS 
applies  using  ETL  tools,  Oracle, 
TOAD,  SQL,  MS  Project,  UNIX, 
Java,  C++,  QC  &  SCME.  Supv. 
3  Consultants.  1  yr  exp  as 
Systems  Engr  is  acceptable. 
Mail  res  to:  Compu-lnfo  22 
Meridian  Rd,  Ste  #17,  Edison, 
NJ  08820.  Job  Loc:  Edison,  NJ 
or in any unanticipated locs in
U.S.A. 


Project  Manager  needed 
using  a  Project  &  Project 
Portfolio  Mgmt  applica¬ 
tion.  Employer  paid 
domestic  &  int'l  travel 
reqd.  Mail  resume  to: 
PowerSteering  Software, 
Attn:  A.  Marlow,  141 
Portland St., 10th Flr,
Cambridge,  MA  02139. 


CO-BRANDED EMAIL BLASTS

Reach your targeted audience of professional IT job seekers
with Computerworld’s Co-Branded Email Blasts. This unique
program allows you to choose your criteria of 100% opt-in
subscribers by geography, company size, job title and industry.

COMPUTERWORLD IT CAREERS

Call ITCareers Director of Sales,
Laura Wilkinson at 800-762-2977 for details!
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.  COMPUTERWORLD’S  , 
10 IT SCHOOLS TO WATCH

Computerworld’s special report, will profile forward-thinking IT
graduate programs selected for making their programs relevant to
today’s work world.

Colleges and universities have been criticized for producing graduates
with already-obsolete IT skills. But these 10 leading-edge graduate
schools are moving at the pace of the IT workplace, preparing today’s
IT professionals for tomorrow’s world.

Computerworld consistently delivers relevant career content to help IT
professionals manage their careers and development. Reaching over one
million weekly print readers and over two million visitors to
Computerworld.com monthly, Computerworld can put your advertising
message in front of leading IT talent.

IT  Opportunities 

Due  to  our  rapid  growth,  we  have  the  following  positions  available: 

Programmer  Analyst:  Analyze,  design,  develop,  code,  test  and  maintain 
database  management  systems.  Must  have  at  least  a  Bachelor’s  degree  and 
3+  years  of  experience  and  the  ability  to  use  Mainframe,  DBA,  AS400  and 
Client-Server  Tools. 

Project  Managers/Leaders:  Lead  a  team  of  programmer  analysts  and  data 
base  administrators  on  development  and  maintenance  of  hardware  and  software 
applications  as  well  as  be  responsible  for  project  planning  and  quality  assurance. 
Must  have  a  Bachelor's  degree  and  5+  years  of  experience  and  the  ability  to 
use  Mainframe,  DBA,  AS400  and  Client-Server  Tools. 

Business  Development  Managers/Directors:  Manage  sales  activities  and 
achieve  sales  quota  for  assigned  territory.  Help  Syntel’s  sales  leadership  in 
planning  and  rolling  out  an  inside  sales  strategy.  Must  have  a  Bachelor’s  degree 
and  3+  years  of  experience. 

All  positions  are  located  throughout  the  U.S.  and  travel  is  usually  required. 

Above  positions  commonly  require  any  of  the  following  skill  sets: 

Mainframe:  IMS  DM/DC  OR  DB2,  MVS/ESA,  COBOL,  CICS,  Focus,  IDMS 
or  SAS. 

DBA:  ORACLE  OR  SYBASE  DB2,  UDB 

Client-Server/WEB:  Ab-initio  •  Oracle  Applications  &  Tools  •  Websphere 

•  Lotus  Notes  Developer  •  VB,  Com/Dcom,  Active  X  •  Web  Architects  •  UNIX, 
C,  C++,  Visual  C++,  C#.NET,  ASP.NET,  VB.NET  •  SAP/R3,  ABAP/4  or  FICO  or 
MM  &  SD  •  IEF  •  Datawarehousing  and  ETL  tools  •  WiNT  •  Oracle  Developer 
or  Designer  2000  •  JAVA,  HTML,  J2EE,  EJB  •  RDBMS  •  PeopleSoft 

•  PowerBuilder  •  Web  Commerce 

AS400:  RPG,  ILE,  Coolplex 

Please  forward  your  cover  letter  and  resume 
to:  Syntel,  Attn:  Recruitment  Manager 
525  E.  Big  Beaver,  Ste.  300 
Troy,  Ml  48083 

E-mail:  syntel_usads@syntelinc.com  EOE 

www.syntelinc.com 


Methodology:

Working from a list of 55 finalists - created by a team of IT
recruiters, CIO’s and academic advisors - Computerworld editors
selected 10 IT graduate-level programs because of their highly
innovative curricula and relevance to today’s IT/business world. In
addition, a companion survey of alumni will determine their level of
satisfaction with the programs.


Looking for something new?
You’ve come to the right place!

Check back with us weekly
for fresh listings placed by top
companies looking for skilled
professionals like you!
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Hexium,  Inc.  seeks  software 
engineers,  system  analysts. 
Involve  in  Middle-Ware  develop¬ 
ment  using  J2EE;  responsible 
for  application  architecture  using 
Websphere  and  BEA  Web 
Logic. Must have MS/BS with 1-5
IT exp. Travel required. Please
apply at jobs@hexiuminc.com.

Programmer  or  system  analysts 
or  software  engineers  wanted  by 
RS  Systems  Company  to  devel¬ 
op  IT  applications.  Must  have 
MS  or  BS  with  experience. 
Travel  maybe  required.  Send 
resume  to  jobs@rssystems.com. 


Sr.  Test  Engineer 
OleumTech  Corp.  in  Irvine,  CA 
seeks  a  full-time  Sr.  Test 
Engineer.  Bachelor's  degree  in 
Comp.  Science  or  equivalent 
and  min.  3-5  years  experience 
required.  Knowledge  of  hard¬ 
ware  and  software  design, 
object-oriented  design,  test 
automation  integration,  system 
testing  and  Unix  systems  pre¬ 
ferred.  Mail  or  Email  resume, 
cover  letter  and  salary  require¬ 
ments  to  Karen  Cosme,  29 
Parker  Irvine  CA  92618. 
kcosme@oleumtech.com 


Space reservation deadline: August 6

For advertising details contact:
Laura Wilkinson: 847-441-8877 or
email: laura_wilkinson@itcareers.net
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Searching  for  diverse  IT  Talent? 

<D 

Let Computerworld IT careers put your recruitment
message in front of over 1,400,000
qualified IT professionals!
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Contact  Laura  Wilkinson  for  details 

at  laura_wilkinson@itcareers.net 
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TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY 


Now,  Is  That  Nice? 

Pilot  fish  does  routine  mainte¬ 
nance  at  this  customer’s  data 
center  each  weekend  -  and 
it’s  unpleasant.  “The  security 
guard  seemed  to  despise  the 
computer  company  I  work 
for,”  fish  says.  “Every  week¬ 
end  I  was  forced  to  listen  to 
his  vitriol,  and  company  policy 
forbade  me  from  respond¬ 
ing.”  But  one  morning,  a  very 
pretty  young  woman  comes 
into  the  computer  room,  and 
it  all  becomes  clear:  Turns  out 
she  and  the  guard  are  taking 
a  programming  class,  and  the 
guard  is  positively  beaming 
that  she  needs  his  help.  And 
the  course  instructor  is  one 
of  fish’s  co-workers,  whom 
the  young  woman  idolizes. 
Reports  fish,  “Seeing  this,  I 


couldn't help but ask, ‘Is Fred
doing  OK?  He’s  my  co-worker, 
and  last  week  he  was  pretty 
bummed  because  his  girl¬ 
friend  broke  up  with  him.’  The 
young  woman  looked  at  me 
as  if  I  had  just  given  her  the 
best  Christmas  present  in  the 
world,  and  the  guard  looked 
at  me  like  he  wanted  me  to  die 
on  the  spot.  But  man,  it  was 
so  worth  it!” 

Yeah,  Right 

Programmer  at  a  remote 
site  is  testing  changes  to  a 
mainframe  application,  but 
they  keep  causing  the  test 
system  to  crash.  So  he  calls 
this  systems  programmer 
pilot  fish,  who  instructs  him 
to  set  up  the  problem  transac¬ 
tion  and  then  call  fish  back 


so  he  can  start  a  trace.  But 
by  the  time  programmer  calls 
again,  fish  is  hip-deep  in  a 
high-priority  problem.  Hang 
tight,  he  tells  programmer. 

A  minute  later,  fish  receives 
an  automated  alert  report¬ 
ing  that  programmer’s  app 
has  crashed  again.  Next  day, 
programmer  calls  and  asks 
fish,  “Did  you  see  anything  in 
the  trace?”  No,  there  was  no 
trace,  fish  says.  Why  didn’t 
you  wait  until  I  could  get  set 
up?  Programmer:  “It  was  an 
accident.”  An  accident?  “Yes, 
I  had  a  manual  on  top  of  my 
monitor,  and  it  fell  and  hit  the 
Enter  key.”  Says  fish,  “I  shook 
my  head  and  replied  incredu¬ 
lously,  ‘That’s  amazing!’  and 
hung  up.  He  called  right  back. 

I  told  him,  ‘Sorry,  a  manual 
dropped  on  my  phone  switch 
hook  and  disconnected  us.’  ” 

Bet  They  Do  Now 

Pilot fish in charge of security cameras attends a plantwide
meeting, where he hears the HR director claim to have video
showing employees violating the smoke-free workplace rules.
“People are apparently lighting up as soon as they get into
their cars,” says fish. “The rule states that they can’t light
up until they are outside the gate. When afterward I point out
that the system is not capable of that kind of imaging,
especially when shot from a fixed-focus, wide-angle rooftop
camera, the HR director says, ‘I only said that. They don’t
know that our cameras can’t do it.’ Want to bet?”

■ Bet on Sharky. Send me your true tale of IT life at
sharky@computerworld.com. I’ll send you a stylish Shark shirt
if I use it.


NEED TO VENT YOUR SPLEEN?

Toss some chum into
the roiling waters of
Shark Bait. It's therapeutic!

sharkbait.computerworld.com
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FRANKLY  SPEAKING 


One  Risky  Point 


SINGLE  POINT  OF  FAILURE.  That’s  the  right  term 
for  talking  about  the  mess  in  San  Francisco,  where 
last  week  the  city  government  finally  regained  control 
of  its  backbone  network.  Terry  Childs,  the  net  admin 
jailed  for  locking  down  administrative  access,  turned  over  the 
passwords  during  a  secret  visit  from  Mayor  Gavin  Newsom. 


Childs’  lawyer  said 
Childs  hadn’t  divulged 
the  passwords  sooner  be¬ 
cause  he  believed  “none 
of  the  persons  who  re¬ 
quested  the  password  in¬ 
formation  . . .  were  quali¬ 
fied  to  have  it,”  according 
to  court  filings. 

We’re  starting  to  get 
solid  information  on 
the  case,  now  that  the 
impasse  has  broken  (see 
story,  page  16).  But  until 
Childs  revealed  the  pass¬ 
words,  all  we  knew  for 
sure  was  that  Childs  was 
in  jail  and  that  the  net¬ 
work  was  still  working 
but  couldn’t  be  managed. 

Beyond  that,  it’s  been 
Rashomon  in  IT.  Depend¬ 
ing  on  who’s  telling  the 
story,  Childs  is  a  brilliant 
network  engineer  who 
did  nothing  wrong.  Or 
possibly  a  cyberterrorist 
who  held  the  government 
hostage.  Or  maybe  just  an 
overstressed,  burned-out 
guy  who’s  the  victim  of  a 
misunderstanding. 

San  Francisco’s  IT 
management?  That’s  a 


bunch  of  tech-clueless 
bureaucrats.  Or  maybe 
it’s  a  gang  of  goons  who 
are  out  to  get  Childs  no 
matter  the  cost.  Or  per¬ 
haps  it’s  a  group  of  con¬ 
scientious  public  servants 
whose  only  concern  was 
regaining  control  of  a 
crucial  network  that 
might  have  been  full  of 
booby  traps. 

Childs’  erstwhile  co¬ 
workers?  They’re  half¬ 
wits  who  couldn’t  man¬ 
age  that  backbone  with 
both  hands  and  a  map. 

Or  innocent  victims  of  a 
network  guru  with  a  God 
complex.  Or  enablers 
who  helped  create  the 
mess  by  their  silence. 

From  news  reports  to 
blog  comments,  the  reac¬ 
tions  have  been  stunning 



in  their  vehemence  and 
variety.  And  there’s  not 
one  yawning  gulf  here, 
but many: between techies
and nontechnical
managers,  between  gurus 
and  regular  IT  grunts, 
between  designers  and 
administrators,  between 
security  wonks  and  op¬ 
erations  guys,  between 
practicing  network  ex¬ 
perts  and  best-practices 
pundits. 

It  seems  like  suddenly 
we  can  agree  on  nothing. 
But  maybe  we  can  all  rec¬ 
ognize  this: 

Terry  Childs  was  a 
single  point  of  failure. 

Never  mind  whether 
he’s  saint  or  sinner,  vil¬ 
lain  or  victim.  Set  that 
aside  for  now. 

Focus  on  this:  Childs 
was  the  only  guy  who 
understood  that  fiber 
backbone  network.  He 
designed  it.  He  ran  it.  He 
maintained  it.  He  con¬ 
trolled  it.  And  nobody 
could  replace  him. 

In  other  words,  a  single 
point  of  failure. 


Forget  whether  that 
situation  was  because  of 
cheapness,  arrogance,  in¬ 
competence  or  paranoia. 
The  result  was  the  same: 
If  something  happened  to 
Childs  —  a  stroke,  a  car 
accident,  a  breakdown, 
a  job-related  “misunder¬ 
standing”  —  that  single 
point  would  fail. 

And  it  did. 

Look,  this  San  Fran¬ 
cisco  fiasco  has  thrown 
a  spotlight  on  every  ugly 
division  in  the  IT  profes¬ 
sion.  We  see  it  as  a  matter 
of  control  or  expertise  or 
responsibility  or  stupid¬ 
ity  or  freedom.  We  see  it 
as  us  vs.  them,  and  that 
reaches  into  our  deepest 
fears  and  anger. 

So  remember  this:  A 
single  point  of  failure 
is  a  reliability  problem. 
That’s  something  techies 
and  managers,  gurus  and 
grunts  can  understand. 

We  all  have  at  least  one 
single  point  of  failure 
lurking  somewhere  in  our 
IT  operations.  Waiting 
until  it  generates  a  crisis 
that  spirals  into  finger¬ 
pointing,  frustration  and 
fear  is  not  the  way  to  go. 

There’s  really  only  one 
good  way  to  deal  with 
a  single  point  of  failure: 
Find  it  and  cure  it  before 
it fails. ■

Frank Hayes is Computerworld’s
senior news
columnist.  Contact  him 
at  frank_hayes@ 
computerworld.com. 
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